Automattic, the company behind WordPress.com and the open source WordPress blogging platform, has revealed that it has suffered a security breach. The attackers gained root access to several of Automattic’s servers and potentially anything on those servers could have been read, copied or modified.
Automattic are reviewing the logs and records to determine the extent of the information exposed and are blocking the holes used to gain access. Most of the code on WordPress.com is open source, however Matt Mullenweg, the founding developer of WordPress, has mentioned that there are sensitive bits of code. It is assumed that these ‘sensitive bits’ are embedded passwords etc.
Automattic’s investigation into this matter is ongoing and will take time to complete but worried customers can contact the WordPress support team.