This morning I received close to 30 emails requesting password resets on “Frumph” and “phil” as the username. From sites that I have worked on or helped with in the past.
It is imperative that if I have an account on your system, delete it or verify that the access is down to ‘subscriber’
Important as it is, you NEED to set people back to subscriber after they’re done helping you out, the only person who should ever have consistent administrator access is YOU, no one else. (unless in the case of those people who have a site administrator helping them out, but you get the idea.. no 3rd party people)
Update: 4:36am –
.. went through the emails and checked the sites out, .. half of them I don’t even remember ever EVER being involved with but still WordPress sent a password change request????
I have no idea who that is.
Update: 2:49pm –
Turns out this happened for a huge amount of people, not just me. Something fishy. I am going to believe that it’s something that has to do with ‘peoples information’ that got stolen/hacked from such places like Chase and Home Depot more likely the yahoo hack that happened recently.