Hot topics

news

Comment

Hacker Gains Access To WordPress.com Servers, Site Source Code Exposed

Alexia Tsotsis

View Staff Page

Alexia Tsotsis is the co-editor of TechCrunch. She attended the University of Southern California in Los Angeles, CA, majoring in Writing and Art, and moved to New York City shortly after graduation to work in the media industry. After four years of living in New York and attending courses at New York University, she returned to Los Angeles in... → Learn More

Wednesday, April 13th, 2011
Comments

WordPress.com has revealed that someone has gained root-access (“low-level,” as in deep) to several of its servers this morning and that VIP customers’ source code was accessible. WordPress.com VIP customers are all on “code red” and in the process of changing all the passwords/API keys they’ve left in the source code.

“Tough note to communicate today: Automattic had a low-level (root) break-in to several of our servers, and potentially anything on those servers could have been revealed.

We have been diligently reviewing logs and records about the break-in to determine the extent of the information exposed, and re-securing avenues used to gain access. We presume our source code was exposed and copied. While much of our code is Open Source, there are sensitive bits of our and our partners’ code. Beyond that, however, it appears information disclosed was limited.”

While Automattic is downplaying the leak, sites’ source code could include API keys and Twitter and Facebook passwords which can let interested parties gain access to sensitive information as well as shut people out of their Twitter and other vulnerable accounts.

Automattic says that the investigation “is ongoing.” I’ve contacted founder Matt Mullenweg for more information and will update this post when I hear back.

WordPress.com currently serves 18 million publishers, including VIPs like us, TED, CBS and is responsible for 10% of all websites in the world. WordPress.com itself sees about 300 million unique visits monthly.

Crunchbase

Company: Automattic
Website: automattic.com
Launch Date: July 1, 2005
Funding: $30.6M

Automattic is the company behind WordPress.com, the simplest, most secure way to start web-publishing immediately on the open source WordPress platform. They also make Jetpack for WordPress, which bundles a number of social improvements to the WordPress core software as a single plugin. Automattic offers a number of products, like VaultPress and Akismet, on a freemium model so anyone can use them for free, and later have the choice to pay extra for premium features. Automattic has over 150 employees, including...

→ Learn more

Tags: