Mass "Password changed" email sent out. HELP

  • kevinluc

    (@kevinluc-1)


    9 years, 11 months ago

    Hi Support team,

    I’ve been using Ultimate member for the past couple of months now and have 600+ members on my website.

    Just minutes ago I’ve received emails from a handful of members saying they’ve received an email saying their password has been changed. I don’t know how many people have received this email but the list is growing. I don’t know if this was sent to the ENTIRE list of members but I sure as hell hope it wasn’t (although, it is unfortunately turning out to be the case).

    I’d like to mention that I have INTENTIONALLY turned off ALL email notifications well before this issue occurred and yet my members have still received an email.

    I’ve asked a handful of members have told me that their passwords have not actually changed.

    Wordfence has not detected any attacks on my website thus far.

    WHAT is going on?! Why is this happening? Please if ANYONE could help me understand this situation it would be much appreciated.

    https://wordpress.org/plugins/ultimate-member/

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Ultimate Member

    (@ultimatemember)

    9 years, 10 months ago

    Hi Kevinluc,

    We’ve not had any reports of this from anyone else. Is it the UM email they are getting or the default WordPress changed password email?

    Thanks

    Thread Starter kevinluc

    (@kevinluc-1)

    9 years, 10 months ago

    I’m not sure, it seems like it was a WordPress email, but how do I know for sure? I assumed it was a UM email because it was sent to all UM members.

    This was the message that was received by one of my members.

    From: WordPress <wordpress@____>
    Date: Tue, Jun 14, 2016 at 1:03 PM
    Subject: [_____] Notice of Password Change
    To: _____

    Hi ___,

    This notice confirms that your password was changed on _____.

    If you did not change your password, please contact the Site Administrator at
    _____

    This email has been sent to _____

    Regards,

    Plugin Author Ultimate Member

    (@ultimatemember)

    9 years, 10 months ago

    That is the default WordPress email. The UM email for password change is:

    Hi {display_name},

    You recently changed the password associated with your {site_name} account.

    If you did not make this change and believe your {site_name} account has been compromised, please contact us at the following email address: {admin_email}

    Thanks,
    {site_name}

    Have no idea why your users would receive that email from WordPress. Not had this reported ever before so do not think it is related to UM.

    Thanks

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Mass "Password changed" email sent out. HELP’ is closed to new replies.