WordPress.com hack could put premium users at risk

WordPress.com maker Automattic reveals that hackers may have made off with sensitive bits of source code

Malicious hackers have successfully breached WordPress.com servers and potentially made off with sensitive bits of the publishing platform's underlying code. The breach could impact premium customers using WordPress for their websites, such as Flickr, NASA, Yahoo, and the New York Times.

The news comes amid a surge of recent hack attacks against high-profile companies, including RSA, Epsilon, and HBGary. Additionally, it marks yet another major attack on Automattic, the maker of WordPress, which most recently suffered a DDoS attack last month.

Automattic founder Matt Mullenweg announced the breach this morning in his blog, saying that several of Automattic's servers had been hit by a low-level (root) break-in. He said that the company is reviewing logs and records to determine the extent of the breach but at the time of writing, "[w]e presume our source code was exposed and copied. While much of our code is open source, there are sensitive bits of our and our partners' code."

That sort of information could, for example, provide malicious hackers with access to sensitive information via API keys and passwords for social networking sites like Facebook and Twitter, according to TechCrunch, a premium user of WordPress.

While TechCrunch and other potentially affected organizations remain on high alert, Automattic is "re-securing avenues used to gain access," according to Mullenweg.

Responding to user inquiries in the comments section of his blog post, Mullenweg said that the company had no cause to believe that user phone numbers or credit card numbers were swiped. He advised customers to protect themselves by practicing safe password security, including using strong, hard-to-crack passwords; changing passwords frequently; and not using the same password for different accounts.

This story, "WordPress.com hack could put premium users at risk," was originally published at InfoWorld.com.


Copyright © 2011 IDG Communications, Inc.
