Around 1:30 AM UTC on May 3rd, 2020, an attacker used a CVE in our SaltStack master to gain access to our infrastructure (please see
https://docs.saltstack.com/en/latest/topics/releases/3000.2.html for more information).
This affects both Ghost(Pro) sites and Ghost.org billing services.
We are able to verify that:
- No credit card information is affected
- No credentials are stored in plaintext
There is no direct evidence that private customer data, passwords or other information has been compromised. All sessions, passwords and keys are being cycled and all servers are being re-provisioned.