close blog site

  • Unknown's avatar
    annstephens331 · Member ·

    I am maintaining a WP.org website for my church (gracecenterhouston.com) and my pastor, Eric Skidmore, forwarded an email he received (below) about a security issue saying ‘password has been reset’ on a separate WP.com blog site. I see this ‘gracecenterhouston.wordpress.com’ (mentioned in the email) unfinished blog page comes up but we never created or use this. I have my own wordpress.com acct for various questions on other issues but i can’t find his email address anywhere so not sure why he would have received a notice like this. He asked me to look into it. I would like to delete this unused gch.wp.com unused blog site. I can just delete my whole wp.com account and start over if i need to but i would like to verify that his address is removed because he has no input or understanding of this site. Below is a c/p of the email he received. If it is a scam email, please advise how to proceed. Thank you, Ann Stephens

    From: ‘WordPress.com’
    To: ‘ (email visible only to moderators and staff) ‘
    Sent: Tue, Jul 17, 2018 at 8:37 PM
    Subject: Your WordPress.com password has been reset

    Your WordPress.com password has been reset

    Howdy,
    Your login credentials were recently discovered in a list of compromised accounts published by security researchers. This list was not generated as a result of any security issue on WordPress.com, but rather an external site or service that you also use being hacked and their user data leaked by the attackers.
    For your security, we have temporarily locked your WordPress.com account (gracecenterhouston).
    Until your password has been reset you will not be able to access your sites:
    – gracecenterhouston.wordpress.com
    To request a new password and regain access to your account, please click the ‘Lost your password?’ link on the WordPress.com login page and follow the instructions.
    It is very important that your new password be unique. Using the same password on different web sites increases the risk of your account being compromised. Now would be a good time to go through all of your online services and set distinct, strong passwords for each.
    Once your password has been changed, we strongly recommend making your account even more secure by enabling Two Step Authentication under the Security section of your Profile menu.
    – The WordPress.com Team
    Thanks for flying with WordPress.com

  • kokkieh · Staff ·

    Hi there,

    That email is not a scam, but was sent out by us.

    The gracecenterhouston account was created in August 2013 by the owner of the email address to which that notice was sent. The account appears to have been inactive for several years, so your pastor might have forgotten about it, but the account definitely exists and belongs to him.

    If he no longer wishes to own this account, he needs to follow the instructions in that email to reset the password and regain access to the account. Then he’ll be able to delete the site and the account via the account settings page.

    Close Your Account

    But we cannot delete either the account or the site for him, and we definitely cannot do it at a third party’s request. If he has any more questions about this, ask him to please contact us directly by replying to the notice he received at his email address.

  • Unknown's avatar
    kwasbeb · Member ·

    Hi!

    I got this e-mail as well. I’m curios about where my details were leaked? Could you point me in the right direction, somehow? If I’m using a service where my private information is being leaked, I would of course want to know what one so that I can cancel my account there.

    All the best, J

  • fstat · Staff ·

    Hi kwasbeb,

    To give more context, we believe the affected accounts were logged into by an unauthorized person due to your WordPress.com account using the same password as another hacked online account you have set up. By resetting the password and locking out the account, we are cutting off the ability for the unauthorized person or any other unauthorized persons to have access to your account. At this time, we do not have specifics as to when this happened and do not have identifying information (ie IP address) that we can share with you. We will be sharing what information we do have publicly on http://en.blog.wordpress.com/ when we can but, for now, wanted to proactively take measures to protect our customers.

  • The topic ‘close blog site’ is closed to new replies.