Automattic, the company behind the popular blogging and web publishing platform WordPress, has reset over 100,000 customer accounts following last week's dump of almost five million stolen Gmail login credentials online.
Security officer Daryl L L Houston said Automattic had downloaded the list of leaked credentials that was posted on a Russian web forum and compared it to WordPress users' passwords to see if there were any matches.
Users whose password matched leaked credentials have had their WordPress.com account details reset, and have been sent an email containing instructions on how to set a new password.
Houston said Automattic took the preemptive step over the weekend Australian time to protect WordPress.com users.
Around 600,000 other WordPress.com users' email addresses are also on the list, Houston said. However, since these were not immediately vulnerable, their passwords weren't reset.
Instead, these users will receive a notification in the WordPress dashboard asking them to check the security of their passwords. Houston also encouraged WordPress users to enable two-factor authentication.
Google has also responded to the leak, and protected the active accounts it could find in the data dump, as well as resetting their passwords.
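The triage described above, as an added sketch that is not Automattic's code: it assumes the dump is a list of `email:password` lines and that passwords are stored as salted PBKDF2 hashes (the article does not say how WordPress.com stores them). Because only hashes are stored, each leaked password has to be re-hashed with that account's salt before it can be compared.

```python
import hashlib
import hmac

ITERATIONS = 50_000  # assumed work factor for this sketch

def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-SHA256, standing in for the site's real password hash."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

def parse_dump(lines):
    """Yield (email, password) pairs from 'email:password' lines, skipping junk."""
    for line in lines:
        email, sep, password = line.strip().partition(":")
        if sep and "@" in email and password:
            yield email.lower(), password

def triage(dump_lines, accounts):
    """Return (to_reset, to_notify); accounts maps email -> (salt, stored_hash)."""
    to_reset, listed = set(), set()
    for email, leaked_password in parse_dump(dump_lines):
        record = accounts.get(email)
        if record is None:
            continue  # address in the dump is not one of our users
        listed.add(email)
        salt, stored_hash = record
        if hmac.compare_digest(hash_password(leaked_password, salt), stored_hash):
            to_reset.add(email)  # leaked password is the current password
    return to_reset, listed - to_reset  # listed but not matching: notify only

# Constructed sample data (fixed salts only so the example is reproducible).
ACCOUNTS = {
    "alice@example.com": (b"salt-a", hash_password("reused-everywhere", b"salt-a")),
    "bob@example.com": (b"salt-b", hash_password("unique-to-this-site", b"salt-b")),
    "dave@example.com": (b"salt-d", hash_password("not-in-any-dump", b"salt-d")),
}
SAMPLE_DUMP = [
    "alice@example.com:reused-everywhere",
    "BOB@example.com:old:gmail:password",
    "carol@example.com:someone-elses",
    "line with no separator",
]

if __name__ == "__main__":
    reset, notify = triage(SAMPLE_DUMP, ACCOUNTS)
    print("force reset:", sorted(reset))
    print("notify only:", sorted(notify))
```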
It found that fewer than two percent of username and password combinations in the list would have worked and enabled attackers to log in to Gmail accounts, and added that its automated anti-hijacking provisions would have blocked many of the attempts.