One of the world's most used blogging platforms, WordPress has admitted its servers have been hacked.
The firm behind the blogging platform, Automattic, confessed that the attack was a "low-level" break-in that gained root access to several servers, and "potentially anything on those servers could have been revealed".
"We have been diligently reviewing logs and records about the break-in to determine the extent of the information exposed, and re-securing avenues used to gain access," said Automattic president, Matt Mullenweg in a blog post.
"We presume our source code was exposed and copied. While much of our code is open source, there are sensitive bits of our and our partners' code," he added. "Beyond that, however, it appears information disclosed was limited."
Mullenweg said he didn't believe any personal information, such as phone numbers or credit card numbers, were compromised. The breach would only affect users hosted on the WordPress servers, not those with their own domains.
However, the firm isn't 100 per cent sure what data was exposed. Whats'more it didn't have much advice for users either, other than to use a strong password and change passwords on other sites if the same one has been used for WordPress.
It's the second major attack against the blogging platform in a month, following an "extremely large" denial of service attack against WordPress in March.
Return to security news headlines
View Security News Archive