A random person online has downloaded my full user database right after receiving access to my app.
He sent me the list of my users in a txt file - I was literally shocked.
Thank God it doesn’t seem to be “ransomware” but more of a lead gen tactic - he wants to sell me cyber security services.
After a bit of research and chatting with a technical friend, he told me that he might have performed UserEnum tactics to reverse engineer all my sign-ups. He has also told me that this issue could be solved by applying a patch.
I understand that WordPress is vulnerable to UserEnum by default (unless you apply some plugins); however, this shouldn’t happen.
@Glide Team - I have the exact string that the hacker used to download the list. Please let me know if you need it and please let’s fix this key vulnerability.