WordPress’ founder Matt Mullenweg has communicated through his blog that hackers have breached the security of of Automattic, the company that runs WordPress, and broken into several of its servers.
Mullenweg says that Wednesday’s incident was a low-level root access breach. The company is reviewing its data logs to figure out what information may have been stolen and is working on patching any holes in its security. It seems unlikely that personally identifiable user information was taken during the attack, but Automattic has yet to complete its investigation.
“We presume our source code was exposed and copied,” Mullenweg stated on the company’s blog. “While much of our code is open source, there are sensitive bits of our and our partners’ code. Beyond that, however, it appears information disclosed was limited.”
WordPress hasn’t issued any advice to its millions of users so far, apart from suggesting the use of strong and unique passwords.
Infosec India 