Vulnerability Management servers hacked to steal source code

Hackers have breached several servers belonging to to steal source code, the founder of the popular blogging platform revealed Wednesday.

In a blog post, Matt Mullenweg said's parent company, Automattic, sustained a root-level infiltration to servers containing code belonging to and a number of its partners.

"We presume our source code was exposed and copied," he wrote. "While much of our code is open source, there are sensitive bits of our and partners' code. Beyond that, however, it appears information disclosed was limited."

He said the company is analyzing the scope of the attack and securing any vulnerable entryways that may have facilitated it. has been targeted before. In March, it succumbed to its largest-ever distributed denial-of-service attack, which impacted the millions of blogs it hosts. Last year, its websites were targeted by fake anti-virus products, known as scareware.

Mullenweg advised WordPress users to utilize strong passwords, and make them unique for different sites.

"Our investigation into this matter is ongoing and will take time to complete," he wrote.

[An earlier version of this story was corrected to note the distinction between, the hosted blogging service, and WordPress, the trademark for self-hosted WordPress blogs, which were not impacted by this breach.]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.