We are currently investigating reports of unauthorized access to a small number of Pantheon customer accounts. Our evidence suggests these accounts were accessed using credentials stolen from external third-party data breaches (unrelated to Pantheon). This technique, known as "credential stuffing," relies on reused passwords.
Required Actions for All Customers
• Audit Your Sites: Check for unexpected code or file modifications. If you find any suspicious changes, contact Pantheon Support immediately.
• Enable MFA (High Priority): Multi-factor authentication is your best defense against password theft.
• Enable MFA here: https://docs.pantheon.io/guides/account-mgmt/account/mfa
• Update Your Password: If you use your Pantheon password on any other site, change it immediately to a unique, strong passphrase.

Next Steps: We are continuing our investigation and will provide further updates as more information becomes available.