WordPress Hack Puts Government and Commercial Clients at Risk

Continuing the trend in recent weeks of high-profile sites being attacked, the open source blog program WordPress announced that it was hacked on Wednesday and that the hackers potentially made off with "anything." In a note posted on the WordPress weblog, founder Matt Mullenweg stated, "Tough note to communicate today: Automattic had a low-level (root) break-in to several of our servers, and potentially anything on those servers could have been revealed." Mullenweg went on to state that "break-in was limited but proprietary information could have been accessed."

While the extent of the hack is unknown, it could have compromised customer information across the 18 million publishers that use WordPress. Among the information potentially compromised is site source code, possibly including API keys and social media passwords.

The breach is troubling as it not only demonstrates that hackers appear to be refocusing attention on corporate sites (is it just me or does it feel like we've had an uptick?), but also shows how our increasingly interconnected use of technology can be easily compromised. A simple blog site maintained by a corporate interest and using WordPress could now, as a result of the attack, put government and private sector clients at risk.

While the verdict is still out on who committed the crime, it is clear that some action needs to be taken on the cybersecurity front to prevent the spread of personally identifiable information and other sensitive information. The current patchwork of laws and regulations regarding data security and data breach isn't sufficient.