WPSandbox
What Happened
In November 2018, the WordPress sandboxing service that allows people to create temporary websites WP Sandbox discovered their service was being used to host a phishing site attempting to collect Microsoft OneDrive accounts. After identifying the malicious site, WP Sandbox took it offline, contacted the 858 people who provided information to it then self-submitted their addresses to HIBP. The phishing page requested both email addresses and passwords.
Compromised Data
Recommended Actions
Change Your Password
If you haven't changed your password on this service since the breach, do so immediately.
Enable Two-Factor Authentication
If 2FA is supported, add an extra layer of security to your account.
Check Other Accounts
If you used the same password elsewhere, change those too.
Monitor for Suspicious Activity
Watch for unusual login attempts, spam and phishing emails.
Breach Overview
-
Affected Accounts:
858
-
Breach Occurred:
November 2018
-
Added to HIBP:
6 Nov 2018
Recommended Actions
Change Your Password
If you haven't changed your WPSandbox password since 2018, do so immediately.
Enable Two-Factor Authentication
Add an extra layer of security to your account.
Check Other Accounts
If you used the same password elsewhere, change those too.
Monitor for Suspicious Activity
Watch for unusual login attempts or messages from your account.
