WordPress.com Security Incident

WordPress Security Incident

Automattic, the company behind WordPress.com and the open-source WordPress blogging tool, announced today that several of its servers had been broken into.

The servers were said to have been broken into at root level, meaning that whoever was behind the attacks could have done pretty much anything. “Potentially anything on those servers could have been revealed,” Automattic and WordPress founder Matt Mullenweg said in the statement.

“We have been diligently reviewing logs and records about the break-in to determine the extent of the information exposed, and re-securing avenues used to gain access. We presume our source code was exposed and copied,” Mullenweg said.

While most of the code would have been open source and therefor freely available online anyway, there do seem to have been some sensitive bits of code belonging to Automattic and their partners that were on that server and which could have potentially been copied.

Mullenweg reiterated advise for users to use strong passwords, “meaning something random with numbers and punctuation,” and to use different passwords on different sites.

The company continues to investigate the issue, something that will take some time to complete.

Via: Security Incident – WordPress.com blog

Share this page:
  • Print
  • Facebook
  • Twitter
  • LinkedIn
  • del.icio.us
  • Google Bookmarks
  • Digg
  • Reddit
  • StumbleUpon
  • Technorati
  • Mixx