Hackers have gained access to the servers of blogging website WordPress.com, forcing the site to issue a warning to users to change their passwords.
"Automattic (the developer of WordPress.com) had a low-level (root) break-in to several of our servers, and potentially anything on those servers could have been revealed," Matt Mullenweg of Automattic wrote on the WordPress blog.
"We have been diligently reviewing logs and records about the break-in to determine the extent of the information exposed, and re-securing avenues used to gain access. We presume our source code was exposed and copied. While much of our code is Open Source, there are sensitive bits of our and our partners' code. Beyond that, however, it appears information disclosed was limited," Mullenweg wrote.
"Our investigation into this matter is ongoing and will take time to complete. We've taken comprehensive steps to prevent an incident like this from occurring again," Mullenweg noted.
The recent attack follows a March 2011 attack that co-founder Matt Mullenweg termed "the largest and most sustained attack we've seen in our six year history."
The distributed denial of service (DDoS) attack was neutralized the same day, but Mullenweg stated at that time that there was a possibility it could flare up again. Now, the site has been attacked again.
WordPress.com is a weblog hosting provider owned by Automattic which opened to beta testers in Aug. 2005 and opened to the public in Nov. 2005. It is powered by the open source WordPress software and financially supported via paid upgrades, VIP services and limited Google Adsense advertising.
WordPress.com currently serves more than 15 million publishers, including CBS, TechCrunch, CNN and the National Football League, and is responsible for 10 percent of all websites in the world.
So, an attack on the site could give hackers access to sensitive information as well as Twitter and Facebook passwords.
According to WordPress, over 298 million people view the site, and it gets more than 2.5 billion page views each month.