Automattic, which runs the WordPress blogs, had a low-level (root) break-in to several of its servers, and hackers appear to have had access to shedloads of personal data.
Writing on the WordPress blog, a spokesperson said that the outfit was scanning logs and records about the break-in to determine the extent of the information exposed.
It was re-securing those areas that were used to gain access.
He said that he presumed the hackers had copied the outfit’s source code.
“While much of our code is open source, there are sensitive bits of our and our partners’ code. Beyond that, however, it appears information disclosed was limited,” he said.
Unfortunately there does not seem to be much in the way of advice Automattic can come up with.
He suggested changing your passwords and using something a bit stronger than “1234” or “password” and using different passwords for different sites.
The spokesman said that the investigation into the matter is ongoing and will take time to complete.
This is not the first time that WordPress has been taken down. It suffered from a series of malicious attacks in 2009, and earlier this year it suffered the biggest DDoS it had ever experienced. It is a good target for hackers, with 18 million blogs hosted by the outfit.