- Jan 24, 2011
- 9,378
Millions of blog owners around the world are being advised to consider their password security, after WordPress.com was hacked.
To its credit, Automattic - the company behind the WordPress.com blogging platform - didn't mince its words or try to apply any spin to the incident, explaining it had suffered a "low-level (root) break-in to several of [its] servers, and potentially anything on those servers could have been revealed."
We have been diligently reviewing logs and records about the break-in to determine the extent of the information exposed, and re-securing avenues used to gain access. We presume our source code was exposed and copied. While much of our code is Open Source, there are sensitive bits of our and our partners’ code. Beyond that, however, it appears information disclosed was limited.
WordPress's gurus continue to investigate the security breach, and says it has taken steps to prevent it happening again.
It's worth pointing out that the security incident only potentially affects blogs posted on WordPress.com, not sites which have decided to self-host their own WordPress blog using the software from WordPress.org.
More details - link
To its credit, Automattic - the company behind the WordPress.com blogging platform - didn't mince its words or try to apply any spin to the incident, explaining it had suffered a "low-level (root) break-in to several of [its] servers, and potentially anything on those servers could have been revealed."
We have been diligently reviewing logs and records about the break-in to determine the extent of the information exposed, and re-securing avenues used to gain access. We presume our source code was exposed and copied. While much of our code is Open Source, there are sensitive bits of our and our partners’ code. Beyond that, however, it appears information disclosed was limited.
WordPress's gurus continue to investigate the security breach, and says it has taken steps to prevent it happening again.
It's worth pointing out that the security incident only potentially affects blogs posted on WordPress.com, not sites which have decided to self-host their own WordPress blog using the software from WordPress.org.
More details - link
