Hackers have compromised several servers that support WordPress and may have obtained source code, according to the founding developer of Automattic, the company behind the popular blogging platform. Hackers have compromised several servers that support WordPress and may have obtained source code, according to the founding developer of Automattic, the company behind the popular blogging platform.Matt Mullenweg wrote on the WordPress blog that Automattic has been reviewing log records to determine how much information was exposed and re-evaluating “avenues to gain access.”“We presume our source code was exposed and copied,” Mullenweg wrote. “While much of our code is open source, there are sensitive bits of our and our partners’ code. Beyond that, however, it appears information disclosed was limited.”Mullenweg wrote that the company had no specific advice for WordPress users besides using strong passwords, not using the same password for multiple sites. In the comment section of the blog post, a user asked if WordPress stores passwords in plain text or stores hashes of passwords. Mullenweg wrote that WordPress uses the Portable PHP password hashing framework.“Our investigation into this matter is ongoing and will take time to complete,” he wrote. “As I said above, we’ve taken comprehensive steps to prevent an incident like this from occurring again.” The intrusion follows what Automattic described as its worst distributed denial-of-service attack in its history last month, although the attack was thwarted soon after it started.Send news tips and comments to jeremy_kirk@idg.com Related content news analysis DHS unveils one common platform for reporting cyber incidents Ahead of CISA cyber incident reporting regulations, DHS issued a report on harmonizing 52 cyber incident reporting requirements, presenting a model common reporting platform that could encompass them all. By Cynthia Brumfield Sep 25, 2023 10 mins Regulation Regulation Regulation news Chinese state actors behind espionage attacks on Southeast Asian government The distinct groups of activities formed three different clusters, each attributed to a specific APT group. By Shweta Sharma Sep 25, 2023 4 mins Advanced Persistent Threats Cyberattacks feature How to pick the best endpoint detection and response solution EDR software has emerged as one of the preeminent tools in the CISO’s arsenal. Here’s what to look for and what to avoid when choosing EDR software. By Linda Rosencrance Sep 25, 2023 10 mins Intrusion Detection Software Security Monitoring Software Data and Information Security feature Top cybersecurity M&A deals for 2023 Fears of recession, rising interest rates, mass tech layoffs, and conservative spending trends are likely to make dealmakers cautious, but an ever-increasing need to defend against bigger and faster attacks will likely keep M&A activity steady in By CSO Staff Sep 22, 2023 24 mins Mergers and Acquisitions Data and Information Security IT Leadership Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe