Late last week we discovered a security vulnerability that could have potentially allowed an attacker to use a malicious PHP script to access and view MySQL passwords stored on the MODX Cloud platforms. We found no evidence of intrusion or access of this information. These passwords are the passwords that are used to connect your website software (MODX or WordPress). No account information or credit card information is stored on our platforms. We have closed this security vulnerability and audited for any similar issues.
To ensure the security and to protect your websites we have regenerated new passwords and updated your software and MySQL databases. If you are using MODX or WordPress and no other scripts requiring a connection to the database you will not need to take any action. The new database password will be available for review in the Dashboard.
If you are using software or scripts that connect directly to the database and are outside MODX or WordPress, you will need to manually update the password.
We sincerely apologize for the inconvenience, however, the security and stability of your MODX Cloud sites is our highest concern.
If you have any questions or concerns about your account, please click the help button from the right side of the MODX Cloud Dashboard.