Account email changed without my consent, site hacked, and no response from Kinsta support

Hi everyone,

I’d really appreciate your advice and perspective on what’s happening to me right now.


What happened

Yesterday my website suddenly went down and showed only a white screen.
At first I assumed it was something simple like:

  • A payment issue with Kinsta, or

  • A problem with my domain provider.

I checked with my domain provider and saw that the domain itself was active and working, so I moved on to check MyKinsta.


Login issues with MyKinsta

I’ve always used 2FA with Google Authenticator for my Kinsta account, so I was sure that even in a worst-case scenario, I’d still be able to recover and manage my WordPress site via MyKinsta.

When I tried to log in:

  1. I entered my email and password.

  2. I entered the 2FA code from Google Authenticator.

  3. Then I was told I also needed to verify via email.

At that point, I checked my inbox and realized I wasn’t receiving any verification email at all.
I briefly wondered if there was an issue with my Google Workspace payment, but that was not the case either.


First contact with Kinsta

Kinsta doesn’t allow you to contact support unless you’re logged in, which I couldn’t do, so I started searching online for a direct support email and eventually wrote to them.

After about an hour, a representative replied and told me that the email address I was writing from was not recognized in their system. I then gave them my domain name.

They checked and told me that the email for my account had been changed - a single letter in my domain name was modified - and that the account was now under that email. In other words, someone had effectively taken over my MyKinsta account.

I’ve been working with WordPress for 14 years, and I’ve never had anything like this happen. I still don’t understand how a hacker could change the primary account email in this way.


Discovering the hack on WordPress

Meanwhile, I tried to access my WordPress Admin and reset the password, but I kept running into “Too Many Bad Requests” errors.

After multiple attempts, I finally managed to log into WP Admin. There I discovered:

  • Many new users with the Admin role

  • Examples: accounts like Adminbockup@wordpress.org, and more

At that point it was clear: the site had been hacked badly, and there were probably multiple backdoors and security holes.


Verification process and silence from support

I contacted Kinsta again, but they told me they couldn’t confirm that the account belonged to me and that I now needed to prove ownership.

I went through the verification process with the third-party company they use:

  • Provided my ID

  • Provided the last 4 digits of my payment method and expiration date

  • Took a live selfie with my phone

I then got a message saying:

  • My request was received

  • The 4 digits of the credit card and expiration date were correct

  • The verification process usually takes about 3 minutes

That was over 9 hours ago, and since then I have received no response, no update, and no indication that anyone is actively handling my case.


Current situation

Right now:

  • My site is still down, and I’m losing money.

  • My MyKinsta account is not under my control.

  • My WordPress site is compromised with multiple admin users and possible backdoors.

  • I have no clear communication or updates from Kinsta support.

I honestly feel like I’m receiving extremely poor and disrespectful service in a critical security incident. It doesn’t make sense to me that:

  • An account email can apparently be changed in this way.

  • A hacked, down site can stay in this condition for so long without at least ongoing updates from the hosting provider.


What I’m asking the community

  1. Has anyone experienced anything similar with Kinsta or any other host?

  2. What would you do in my situation?

    • From the security/incident-response side

    • And from the communication/hosting-provider side

At this point I’m mainly trying to figure out the most effective next steps - both to regain access and to clean and secure the site properly - but I’m also deeply concerned about how this could happen at the account level in the first place.

Thanks in advance to anyone who reads this and is willing to share advice or experience.

Hello @Webecy_Client_Manage 👋

I’m sorry to hear that you are having trouble accessing both MyKinsta and your WordPress site.

What we need to differentiate is the MyKinsta account from the WordPress site account.

Your MyKinsta account can have a different email if:

  • you originally registered it with a typo
  • somebody hacked your MyKinsta account or got your login credentials and changed it
  • somebody hacked MyKinsta (very unlikely)

In order to check, please DM me the domain name and the email from which you contacted our support, and I’ll check and provide an update via email to you.

Kind regards!

Hi Vladimir,

Thank you for your response. I’ve sent you all the details and the domains in a private message. At the very least, I expect to receive a reply to the email from which I verified my identity and to be updated on the status of the investigation and the review.

My website is still not functioning, and it’s very frustrating.

I see that our Billing team replied that this is still under review and that we’ll proceed as soon as it’s done.

I understand the urgency and I also replied to you in DM.

Kind regards!