We recently discovered WordPress.com login credentials in a list of compromised emails and passwords published by security researchers. This list was not generated as the result of any exploit on WordPress.com VIP, but rather by someone gaining access to the same email and password combination that was used on another service.
Over the next few days, as a precautionary measure, your users may receive an email prompting them to reset their password. Their account will be locked until the password is reset. To request a new password and regain access to your account, please click the ‘Lost your password?’ link on the WordPress.com login page and follow the instructions.
As per user security best practices, it is very important that the new password be unique – using the same password on different web sites increases the risk of your account being hacked. Please note we’ll never ask your users to provide us with their passwords — each user can reset their password by going directly to WordPress.com as directed.
If you have any questions, please open a support ticket and we’ll be happy to assist.
WordPress VIP Lobby 