A security breach at popular blogging platform WordPress has lead to users being forced to change their passwords.
The intrusion, which took place on the WordPress.org open source area of the site owned by Automattic left several well known plug-ins infected with undisclosed trojans, some of which opened back doors to any site built with the afflicted files.
"We’re still investigating what happened," admitted Automattic's Matt Mullenweg in a statement, "but as a prophylactic measure we’ve decided to force-reset all passwords on WordPress.org. To use the forums, trac, or commit to a plugin or theme, you’ll need to reset your password to a new one."
It's not clear who carried out the attack or how and none of the usual suspects have come forward to admit responsibility.
Users are advised to make use of the password reset function on WordPress.org, and to upgrade AddThis, WPtouch, and W3 Total Cache plug-ins to the latest versions through their dashboards to ensure the malicious code isn't on their systems.