Hi @decwodie,
Thanks for reaching out to us. We actually just published a blog post about this a few days ago—did the email look something like this? https://www.wordfence.com/blog/2023/01/psa-your-site-isnt-hacked-by-this-bitcoin-scam-keep-the-money/
This is a common phishing extortion scam that’s similar to others we’ve seen in the past. The “attacker” would not have access to your database. In cases where attackers gain database access, they almost always use this access to insert clearly visible spam, redirects to malicious sites, or malicious administrators onto the site. Likewise, “genuine” ransomware actors typically send proof that they have your data.
It’s always a good idea to check for administrative users you’re unfamiliar with, and enabling two-factor authentication is also a wise choice. Still, you shouldn’t need to worry based on this message.
Please let us know if you have any other questions.
Tiffany