WordPress.com Hacked
Yesterday WordPress.com revealed that someone had hacked into several of their servers and gained root-level privileges — the most disastrous type of security breach, because with root privileges the hacker has access to everything on the system.
WordPress.com has revealed that someone has gained root access (“low-level,” as in deep) to several of its servers this morning and that VIP customers’ source code was accessible. WordPress.com VIP customers are all on “code red” and in the process of changing all the passwords/API keys they’ve left in the source code.
“Tough note to communicate today: Automattic had a low-level (root) break-in to several of our servers, and potentially anything on those servers could have been revealed.
We have been diligently reviewing logs and records about the break-in to determine the extent of the information exposed, and re-securing avenues used to gain access. We presume our source code was exposed and copied. While much of our code is Open Source, there are sensitive bits of our and our partners’ code. Beyond that, however, it appears information disclosed was limited.”
While Automattic is downplaying the leak, site source code includes API keys and Twitter and Facebook passwords, which can let interested parties gain access to sensitive information as well as shut people out of their Twitter and Facebook accounts, etc.