Join us at TNW Conference 2022 for insights into the future of tech →

The heart of tech

This article was published on September 13, 2014

WordPress preemptively resets 100,000 accounts as a precaution over recent Gmail password leaks

WordPress preemptively resets 100,000 accounts as a precaution over recent Gmail password leaks Image by: Nikolay Bachiyski
Paul Sawers
Story by

Paul Sawers

Paul Sawers was a reporter with The Next Web in various roles from May 2011 to November 2014. Follow Paul on Twitter: @psawers or check h Paul Sawers was a reporter with The Next Web in various roles from May 2011 to November 2014. Follow Paul on Twitter: @psawers or check him out on Google+.

Earlier this week, news emerged that up to 5 million Gmail usernames and passwords were published to a Russian Bitcoin forum, though Google said that it didn’t believe any of it was the result of a security breach at its end.

Now, Automattic, which operates hosted blogging service WordPress.com, has revealed it has taken pre-emptive measures to secure thousands of its own accounts.

While the company’s quick to point out that the Gmail security breach is in no way connected to WordPress itself, given that a slew of emails on the list matched email addresses used by WordPress.com bloggers, it has reset 100,000 accounts that use the same password as the associated Gmail addresses on the list.

“We also sent email notification of the password reset containing instructions for regaining access to the account,” explained Automattic’s Daryl Houston.”

Those affected were asked to hit the Login button on the homepage and request a new password.

If nothing else, this serves as a timely reminder that it’s never wise to use the same password across multiple online services. If one of your accounts its breached, this makes it infinitely easier for miscreants to cause you even more bother.

To add an extra layer of security to your online accounts, it’s also worth checking if they support two-step verification – which WordPress.com actually does.

Automattic revealed that it found 600,000 other matching email addresses on the leaked Gmail list, though these didn’t use the same passwords as their WordPress accounts, so weren’t reset.

Also tagged with