The parent company of the world-famous blogging platform WordPress.com has said in a statement that hackers gained root (administrator-level) access to its servers and stole sensitive code as well as proprietary information about its partners.
An advisory released on Wednesday by Automattic is the latest to detail the breach at WordPress.com. The company said that its employees are still determining what data was stolen, but initial assessments suggest that the picture is not likely to get any better.
The company's founder, Matt Mullenweg, said in a statement that hackers gained root access to several of Automattic's servers and that anything present on those servers might have been stolen or revealed. He further said that WordPress.com presumes that its source code was exposed and copied as a result of this breach. Though much of the code is open source, some of it is proprietary code belonging to the company's partners. The company has not yet offered any further comment.
Mr. Mullenweg added that there is no evidence yet that account passwords have been exposed and that, even if they have been, cracking them would prove difficult because the passwords are hashed and salted using the Portable PHP password hashing framework.
The steps taken by the hackers have still not been revealed, but the company said that any further incident of this kind wouldn't be possible.
Around 12 percent of websites on the internet run WordPress, and this has made the platform the target of a series of hacking attempts. In 2009, an older version of WordPress was attacked by a spam-friendly worm, which resulted in the deletion of blog entries on the affected sites. In 2009 there were 2 such attempts made on WordPress.
Fairly recently, a massive DoS attack was launched against the blogging giant; it was successful and prevented its wide user base from posting blog entries.