April 13, 2011

WordPress.com servers hacked to steal source code

Hackers have breached several servers belonging to WordPress.com to steal source code, the founder of the popular blogging platform revealed Wednesday.

In a blog post, Matt Mullenweg said WordPress.com's parent company, Automattic, sustained a root-level infiltration to servers containing code belonging to WordPress.com and a number of its partners.

"We presume our source code was exposed and copied," he wrote. "While much of our code is open source, there are sensitive bits of our and partners' code. Beyond that, however, it appears information disclosed was limited."

He said the company is analyzing the scope of the attack and securing any vulnerable entryways that may have facilitated it.

WordPress.com has been targeted before. In March, it succumbed to its largest-ever distributed denial-of-service attack, which impacted the millions of blogs it hosts. Last year, its websites were targeted by fake anti-virus products, known as scareware.

Mullenweg advised WordPress users to utilize strong passwords, and make them unique for different sites.

"Our investigation into this matter is ongoing and will take time to complete," he wrote.

[An earlier version of this story was corrected to note the distinction between WordPress.com, the hosted blogging service, and WordPress, the trademark for self-hosted WordPress blogs, which were not impacted by this breach.]

Editorial

Threat of the month

Hacked court system website leads to 160k stolen SSNs

A special ebook from SC Magazine: Education

eSymposium: Privacy and security May 21

WordPress.com servers hacked to steal source code

Next Article in News

DoJ, FBI disable massive Coreflood botnet

SC Magazine Articles

More in News

Privacy-bolstering "Apps Act" introduced in House

Microsoft readies permanent fix for Internet Explorer bug used in energy attacks

Weakness in Adobe ColdFusion allowed court hackers access to 160K SSNs