Automattic, the folks behind WordPress.com, got hacked at the “root” level, which means that the hackers potentially had access to *everything* those servers were hosting, like WordPress.com and VaultPress, but other services might be affected as well.
The extent of the breach is not known yet, but your information might not be safe anymore, and your password might be compromised already. It really stinks to get hacked, and it can take a lot of time to recover from that, so it’s probably best to take action now. How?
For most users, you simply need to change your password. In general, passwords are encrypted on the server, but if hackers have them, they can eventually crack them in the comfort of their “office”. Use a strong password like #1dontwantt0behAcked!, or even more cryptic. The more random, the better. There are even utilities to test your password’s strength.
For VaultPress users, you should consider changing your FTP, MySQL and SSH passwords as that information was stored “somewhere” on Automattic’s servers. Again, we don’t know the extent of the breach, but it takes only minutes to change those, compared to hours or days to recover from a hacked site. Automattic might have other services that I’m not familiar with, so just be mindful of those as well. Be safe.