S
ervers belonging to Automattic, which makes the popular WordPress blogging software, say that their servers were hacked and that the company’s source code is believed to have been “exposed and copied,” according to a company blog post Wednesday.
The post, by Matt Mullenweg, Automattic’s co-founder, said that the company had a “low-level (root) break-in to several of our servers.” Whi While the company doesn’t know the exact target of the hackers, “potentially anything on those servers could have been revealed.”
Mullenweg said the company was operating under the assumption that its source code was copied and, while much of it is open source, the copied data did contain “bits of our and our partners’ code” that are sensitive.
Automattic has taken “comprehensive steps to prevent an incident like this from occurring again,” but Mullenweg declined to speculate on whether the hundreds of thousands of blog operators that use WordPress need to be concerned about security vulnerabilities. He encouraged blog owners to make sure they are using strong passwords to secure their WordPress installations, and to refrain from reusing passwords – generic “good housekeeping” advice that wasn’t specific to the breach.
This isn’t the first time Automattic has found itself in the crosshairs. In March, the company was the target of a large denial of service attack. WordPress installations hosted on infrastructure managed by Network Solutions were also the target of attacks in April, 2010 that redirected thousands of WordPress blogs to malware-laden drive by download Web sites.
Related Posts
- Adobe to Patch Flash Zero Day on Windows, Mac on Friday
Adobe is planning to patch the recently disclosed Flash Player vulnerability on Friday for users on Windows, Mac OS X and Linux. The vulnerability is being used in targeted attacks right now that use ... - Analysis of the New Adobe Flash Attacks
When Adobe warned customers earlier this week about a newly discovered vulnerability in the Flash Player software, company officials said that there were already attacks underway against the bug. Thos... - Security study says data breaches often caused by configuration errors
A Verizon study of 2009 data breaches says hackers are increasingly exploiting configuration errors -- not the software holes that are plugged by vendor patches.
View full post on Computerworld Sec... - Anger after scam-exposing community shut down by Facebook
In a bizarre and hard-to-understand move, a Facebook page which claims it helped countless Facebook members stay safe online on the social network has been shut down... by Facebook.
The Bulldog Estate... - April 2011 Internet Threats Trend Report
Statistics related to spam levels feature prominently in this Internet Threats Trend Report, as they did in the report about the fourth quarter of 2010. This is due to the wide variations observed du... - An open letter to Facebook about safety and privacy
Dear Facebook,
As you know, for some years we have been discussing with your security team our concerns about safety and privacy on Facebook.
Every day, victims report to us numerous incidents of crim... - Global Spam Botnet Tracking Report (first quarter 2011)
The following data are the result of the monitoring and recording process made by spam sensors spread all around the world to provide the trend of security in terms of compromised systems. Spam sensor... - Breaking Down the Walls Between Application and Infrastructure Security
I wrote earlier about the need to expand the focus of information security programs beyond infrastructure to incorporate application security components. It’s difficult to bridge these disciplines in... - chandio hacker Video Detail for Computer Security and Computer Hacking Protection Computer
CSA DISCLAIMER: This video taken from YouTube. As well as any other video found on this site is not hosted here, it just embedded, and it taken randomly by our system from video hosting services lik... - Quake 4 Level 29 Data Network Security
CSA DISCLAIMER: This video taken from YouTube. As well as any other video found on this site is not hosted here, it just embedded, and it taken randomly by our system from video hosting services lik...
Posted on 14 April 2011. Tags: Application, breaches, Data, Hacking, Security, Web, WordPress
The above information is reprinted from and copyrighted © by threatpost - The First Stop for Security News.
