WordPress Hacked, Source Code Stolen

Servers belonging to Automattic, which makes the popular Wordpress blogging software, say that their servers were hacked and that the company’s source code is believed to have been “exposed and copied,” according to a company blog post Wednesday.

SAutomatticervers belonging to Automattic, which makes the popular WordPress blogging software, say that their servers were hacked and that the company’s source code is believed to have been “exposed and copied,” according to a company blog post Wednesday.

The post, by Matt Mullenweg, Automattic’s co-founder, said that the company had a “low-level (root) break-in to several of our servers.” Whi While the company doesn’t know the exact target of the hackers, “potentially anything on those servers could have been revealed.”

Mullenweg said the company was operating under the assumption that its source code was copied and, while much of it is open source, the copied data did contain “bits of our and our partners’ code” that are sensitive.

Automattic has taken “comprehensive steps to prevent an incident like this from occurring again,” but Mullenweg declined to speculate on whether the hundreds of thousands of blog operators that use WordPress need to be concerned about security vulnerabilities. He encouraged blog owners to make sure they are using strong passwords to secure their WordPress installations, and to refrain from reusing passwords – generic “good housekeeping” advice that wasn’t specific to the breach.

This isn’t the first time Automattic has found itself in the crosshairs. In March, the company was the target of a large denial of service attack. WordPress installations hosted on infrastructure managed by Network Solutions were also the target of attacks in April, 2010 that redirected thousands of WordPress blogs to malware-laden drive by download Web sites.

Suggested articles

Discussion

  • jobscry on

    I'm confused...isn't their software already Open Source?

  • Christopher Ross on

    @jobscry

    WordPress is an open source software package but WordPress.com is a commercial venture, owned by Automattic. While WordPress (from WordPress.org) is free and open source, the software on WordPress.com is modified and proprietary to them.  

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.