Tuesday, October 16, 2012

15000 Wordpress blogs hacked for making money from Survey

Wordpress Security Team is sending out warning messages to thousands of wordpress users that their account has been compromised recently. Warning message include "We recently detected suspicious activity on your WordPress.com account. To protect your identity and keep your site safe, we’ve reset your password."

Message continue "To reset your password and get access to your account and blog, please visit WordPress.com. Click on “Forgot password?” in the Login toolbar to get started. It is very important that your password be unique because using the same password across different web applications increases the risk of your account being hacked."

Note: Wordpress officially has not announce yet any security breach news on their website, but these warning mails are silently received by compromised account holders. Method of hack is still not confirmed. But hacking 15000 blogs from wordpress server and posting same article on all sites most obvious can't be a client side hack. Either wordpress servers has been compromised or a 3rd party WordPress API service server has been compromised where all these 15000 users account can be clients.

Source: http://bit.ly/QRUtWq