Root-Level Attack Exposes WordPress's Premium Customers

A recent root-level hack of WordPress.com may have harmed the company's premium customers, exposing their account passwords and other sensitive information.

WordPress.com boasts many major brands on its premium customer list, including NASA, Yahoo, Flickr and the New York Times among many others.

WordPress confirmed on Wednesday that a hacker had broken into its servers on Tuesday and may have copied sensitive sections of the company’s underlying code.

“Automattic had a low-level (root) break-in to several of our servers, and potentially anything on those servers could have been revealed,” WordPress founder Matt Mullenweg wrote in a blog post (http://en.blog.wordpress.com/2011/04/13/security).

"We have been diligently reviewing logs and records about the break-in to determine the extent of the information exposed, and re-securing avenues used to gain access. We presume our source code was exposed and copied," he added.

Mullenweg assured concerned parties that even if there was a breach, the disclosure of sensitive information was fairly limited.

He also said that an investigation into the recent security breach is currently underway, and all necessary steps will be taken by the company to prevent such security breaches from occurring in the future.