WordPress.com servers hacked to steal source code

Blogging platform pwned, again.

Hackers have breached several servers belonging to WordPress.com to steal source code, the founder of the popular blogging platform revealed yesterday.


In a blog post, Matt Mullenweg said WordPress.com's parent company, Automattic, sustained a root-level infiltration of servers containing code belonging to WordPress.com and a number of its partners.

"We presume our source code was exposed and copied," he wrote. "While much of our code is open source, there are sensitive bits of our and partners' code. Beyond that, however, it appears information disclosed was limited."

He said the company was analysing the scope of the attack and securing vulnerable entryways that may have facilitated it.

WordPress.com has been targeted before. In March, it succumbed to its largest-ever distributed denial-of-service attack, which impacted the millions of blogs it hosts. Last year, its websites were targeted by fake anti-virus products, known as scareware.

Mullenweg advised WordPress users to use strong passwords, and make them unique for different sites.

"Our investigation into this matter is ongoing and will take time to complete," he wrote.

[An earlier version of this story was corrected to note the distinction between WordPress.com, the hosted blogging service, and WordPress, the trademark for self-hosted WordPress blogs, which were not impacted by this breach.]

This article originally appeared at scmagazineus.com

Copyright © SC Magazine, US edition