Wordpress.com gets hacked

OPEN SOURCE blogging website Wordpress.com suffered a hack attack on its servers, prompting the company behind the popular content management system to issue a warning about passwords.

In a brief but honest note from Automattic, it said that there had been a low-level (root) break-in to several servers, where anything on them could have been revealed.

Matt Mullenweg of Automattic said, "We have been diligently reviewing logs and records about the break-in to determine the extent of the information exposed, and re-securing avenues used to gain access."

"We presume our source code was exposed and copied. While much of our code is Open Source, there are sensitive bits of our and our partners' code. Beyond that, however, it appears information disclosed was limited."

Mullenweg said that the only advice they can give to Wordpress.com users right now is to use strong passwords and use different passwords for different websites. The investigation is ongoing and will take time to complete.

"We've taken comprehensive steps to prevent an incident like this from occurring again," he added.

As Sophos security expert Graham Cluley noted on his security blog, this incident potentially affects blogs that are hosted on Wordpress.com, rather than ones using Wordpress.org software.

On the other hand, if you are concerned about Wordpress.org security, it recently released a software update that fixed several security holes. µ