A note on the WordPress.com blog from Matt Mullenweg details some hard facts today. It seems that Automattic had a “low-level” break-in to several of its servers. Mullenweg goes on to state that anything on those servers could have been revealed:
We have been diligently reviewing logs and records about the break-in to determine the extent of the information exposed, and re-securing avenues used to gain access. We presume our source code was exposed and copied. While much of our code is Open Source, there are sensitive bits of our and our partners’ code. Beyond that, however, it appears information disclosed was limited.
At this point there is no further information given, other than to say that the team at Automattic is investigating the matter further and it “will take time to complete”.
It’s an opportune time to go back and read our posts about working with password managers. If you’ve not been diligent in setting up strong passwords, now is the time to use this as a case in point for the security of your personal information.