WordPress admits hacking attack
The firm behind blogging platform WordPress has admitted its servers have been hacked.
Automattic’s president, Matt Mullenweg, said the attack was a “low-level” break-in that gained root access to several servers, and “potentially anything on those servers could have been revealed”.
“We have been diligently reviewing logs and records about the break-in to determine the extent of the information exposed, and re-securing avenues used to gain access,” he said in a blog post.
“We presume our source code was exposed and copied. While much of our code is open source, there are sensitive bits of our and our partners’ code,” he added. “Beyond that, however, it appears information disclosed was limited.”
Mullenweg said he didn’t believe any personal data, such as phone numbers or credit card numbers, were revealed. The breach would only affect users hosted on the WordPress servers, not those with their own domains.
Because the firm isn’t sure what data was exposed, it didn’t have much advice for users, other than to use a strong password and change passwords on other sites if the same one has been used for WordPress.
It’s the second major attack against the blogging platform in a month, following an “extremely large” denial of service attack against WordPress in March.