Home 18 Million WordPress.com Blogs Compromised In Attack

18 Million WordPress.com Blogs Compromised In Attack

Automattic, the company that owns the WordPress.com blogging platform that powers more than 18 million blogs, announced this morning that its servers had been broken into and source code, among other things, could have been exposed.

WordPress founder Matt Mullenweg writes “Tough note to communicate today: Automattic had a low-level (root) break-in to several of our servers, and potentially anything on those servers could have been revealed.”

According to Mullenweg, the break-in was limited but proprietary information could have been accessed:

We have been diligently reviewing logs and records about the break-in to determine the extent of the information exposed, and re-securing avenues used to gain access. We presume our source code was exposed and copied. While much of our code is Open Source, there are sensitive bits of our and our partners’ code. Beyond that, however, it appears information disclosed was limited.

Update: According to Automattic, this break-in “affects most of Automattic’s services […] Root level access potentially allows access to everything on the servers.”

TechCrunch’s Alexia Tsosis argues that Mullenweg is downplaying the severity of the incident, pointing out that “WordPress.com VIP customers are all on ‘code red’ and in the process of changing all the passwords/API keys they’ve left in the source code.” TechCrunch, among other big blogs, is a WordPress VIP customer.

“While Automattic is down playing the leak, site source code includes API keys and Twitter and Facebook passwords,” writes Tsosis.

Mullenweg says that the investigation is ongoing and that they have “taken comprehensive steps to prevent an incident like this from occurring again.”

Mullenweg also suggests that users should use strong passwords, different passwords for each site and, “If you have used the same password on different sites, switch it to something more secure.” In other words – change your passwords, folks.

About ReadWrite’s Editorial Process

The ReadWrite Editorial policy involves closely monitoring the tech industry for major developments, new product launches, AI breakthroughs, video game releases and other newsworthy events. Editors assign relevant stories to staff writers or freelance contributors with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.

Get the biggest tech headlines of the day delivered to your inbox

    By signing up, you agree to our Terms and Privacy Policy. Unsubscribe anytime.

    Tech News

    Explore the latest in tech with our Tech News. We cut through the noise for concise, relevant updates, keeping you informed about the rapidly evolving tech landscape with curated content that separates signal from noise.

    In-Depth Tech Stories

    Explore tech impact in In-Depth Stories. Narrative data journalism offers comprehensive analyses, revealing stories behind data. Understand industry trends for a deeper perspective on tech's intricate relationships with society.

    Expert Reviews

    Empower decisions with Expert Reviews, merging industry expertise and insightful analysis. Delve into tech intricacies, get the best deals, and stay ahead with our trustworthy guide to navigating the ever-changing tech market.