Web administrators using the popular WordPress platform should heed the cautionary tale of microprocessor maker AMD and make sure they update their Web sites to secure vulnerabilities.
The company site was hacked over the weekend by someone called “r00tbeer” said to be part of a small enclave called r00tBeer Security Team. The bounty: 189 accounts in a SQL database that amounted to 32kb of data. The leaked information included usernames, email addresses and salted passwords of AMD employees and public relations personnel.
The group announced Aug. 18 on Twitter that it had attacked the discussion forum The Bot Net and “Our next target will be a large company. Stay tuned for the upcoming database dump.” The following day it posted another tweet announcing it was intending to expose data stolen from AMD.
Some security bloggers speculated the hackers were able to steal the data and deface a Web page because administrators were using an outdated version of WordPress. AMD has not issued an official statement on what happened and earlier put up a page on its blog section saying the site was down for “routine maintenance.”
“All in all, a small deal in the history of security breaches. More of a hackette than a hack, and no AMD customers need to panic, which is good news,” wrote Sophos’s Paul Ducklin. “But every hack is, at its heart, bad news.”