We force-reset all customer passwords after a cryptocurrency mining virus infected our servers on May 3rd, 2020. While no customer data was accessed or affected, we felt it was important to be abundantly cautious for your security.

What happened?
On May 3rd, 2020 - our engineers discovered that a vulnerability in our server management software had allowed a cryptocurrency mining virus to gain access to our network. We immediately removed the virus, verified customer data was not accessed, deployed new security configurations, and contacted customers to let them know about the incident.

What do I need to do?
We automatically reset all credentials, so users are asked to create a new password at their next sign in. We also added a new button allowing users to regenerate Ghost Admin API keys if they wish to. There is nothing else you need to do.

Do I need to cancel my credit card?
We do not store customer credit card information anywhere on our servers. You do not need to cancel your card.

What should I set my new password to?
Your new password should be something unique that you don’t use on any other site or app. Long passwords are better than short passwords.

Where can I find more information?
For more details, you can read our detailed incident report and analysis published on May 6th, 2020.