Security Incident Hits Automattic Affecting Users

Security Incident Hits Automattic Affecting Users

Oh dear. Automattic has been hit by some hackers :( This isn’t good news for users. Matt has announced on the WordPress blog that there has been a low-level root break-in and that anything on the server could have been revealed.

The guys at Automattic are working hard to determine what information has been stolen as well as resecuring the server.

From Matt on the blog:

We have been diligently reviewing logs and records about the break-in to determine the extent of the information exposed, and re-securing avenues used to gain access. We presume our source code was exposed and copied. While much of our code is Open Source, there are sensitive bits of our and our partners’ code. Beyond that, however, it appears information disclosed was limited.

As it stands, they do not have any specific advice to users beyond the usual considerations:

  • Use a strong password with letters, numbers and punctuation
  • Use different passwords for different sites
  • If you have the same passwords on different sites make them more secure.

If you are concerned about this issue, Matt has been fielding questions in the comments to his accouncement so head over their to raise any issues.

He did respond to one user that users passwords are hashed with phpass. At the minute they don’t believe that passwords have been stolen but if they were they would be very hard to crack.

Although Automattic are playing down the problem, TechCrunch have reported that all VIP members are on red alert. They have also reported that the hackers may have gained access to API keys, and Twitter and Facebook passwords stored on the server. This means that all VIP members are in the process of changing all of their passwords.