WordPress Servers Hacked At Root Level

Published: 22/11/2024   Category: security


Source code exposed, putting passwords for WordPress.com-hosted blogs at risk of being cracked.


On Wednesday, Automattic, which produces the WordPress blogging platform, disclosed that its servers had been hacked.
"Automattic had a low-level (root) break-in to several of our servers, and potentially anything on those servers could have been revealed," said Matt Mullenweg, the founding developer of WordPress, on the official WordPress blog.
Confidential information relating to the WordPress code base was likely stolen. "We presume our source code was exposed and copied," he said. "While much of our code is open source, there are sensitive bits of our and our partners' code. Beyond that, however, it appears information disclosed was limited."
The breached servers also contain hosted WordPress sites, but these are distinct from the WordPress software itself, which anyone can download and install on their own site. "It's worth pointing out that the security incident only potentially affects blogs posted on WordPress.com, not sites which have decided to self-host their own WordPress blog using the software from WordPress.org," said Graham Cluley, senior technology consultant at Sophos, in a blog post.
Automattic has been working to clean up the breach and block similar attacks in the future. According to Mullenweg, "we have been diligently reviewing logs and records about the break-in to determine the extent of the information exposed, and re-securing avenues used to gain access."
Fortunately, there's no evidence that attackers stole WordPress.com users' passwords. Even if they did, however, Automattic stores all passwords in hashed and salted format, using phpass, which would make them quite difficult to crack.
Cluley lauded WordPress for disclosing the breach in a clear and forthright manner. "To its credit, Automattic ... didn't mince its words or try to apply any spin to the incident," he said.
Nevertheless, he and Mullenweg alike recommend that everyone with a blog on WordPress.com immediately change their password.
"We don't know that the WordPress.com security breach gave the hackers access to bloggers' passwords, but we do know that many Internet users have chosen to use the same password on multiple websites," said Cluley. "If your password was stolen from one website, it could then be used to unlock many other online accounts--and potentially cause a bigger problem for you. So always use unique passwords."
