The MonsterInsights website has been attacked, reportedly hacked, and is sending phishing emails to its customers. The free version of MonsterInsights is installed on over two million websites and is believed to be installed on a total of three million sites.
MonsterInsights attacked
The official MonsterInsights website is down and the homepage has been replaced with the following notice:
“Our website is offline as we mitigate an attack. Your analytics and tracking are not affected.
Please DO NOT download MonsterInsights from any third-party website as a known phishing attempt is currently occurring.
Thanks for your patience.
If you have any questions, please contact support@monsterinsights.com »
Screenshot of MonsterInsights website
Monster Previews
MonsterInsights is a WordPress plugin installed on over two million websites. It connects to a user’s Google Analytics (GA) account and provides website traffic information in a WordPress dashboard. It also makes it easier for businesses to use GA’s complex tracking features. MonsterInsights also offers a Pro version of the plugin with more features that would appeal to e-commerce stores.
Phishing Email Reports from MonsterInsights
Users of the plugin report receiving phishing emails from MonsterInsights. Posts on Facebook and X (formerly Twitter) confirm this is happening.
@alliemims job on X:
“I was coming here to contact you because I received these phishing emails. I did not interact with them. I went to your site to try to report it via the contact form, but I received a 403. Sorry to hear that you are dealing with this nonsense. Good luck! 🙏”
@biancavandepoel tweeted:
“Is there a way to contact your customers via email as soon as possible? Because it looks like the attackers have already found them.”
Response from MonsterInsights
MonsterInsights published a answer on X warning users not to download or install their plugin from another website, confirming that the emails are a phishing attempt.
“We are currently mitigating an attack – DO NOT install MonsterInsights from a third-party website as a known phishing attempt is in progress at this time.”
Featured image by Shutterstock/Sadi Hockmuller
