I just found out earlier today that some of the WordPress.com servers were hacked. Matt Mullenweg revealed the incident and posted a warning about passwords on the WordPress.com blog. Although the hacks were low-level, it is possible that any or all of the information kept on those servers was exposed.
Matt Mullenweg has this to say about the incident:
We have been diligently reviewing logs and records about the break-in to determine the extent of the information exposed, and re-securing avenues used to gain access. We presume our source code was exposed and copied. While much of our code is Open Source, there are sensitive bits of our and our partners’ code. Beyond that, however, it appears information disclosed was limited.
Even though WordPress passwords are hard to crack because they are hashed with phpass, a portable PHP password hashing framework, it's still a good idea to update your password after an event like this. Additional advice for WordPress.com users: use strong passwords (at least 8 characters, combining letters, numbers and characters) and never use the same password for two different sites.
Please note that the blogs affected by this incident are those hosted on WordPress.com, not WordPress.org (self-hosted) blogs. However, if you run a self-hosted blog and also have a WordPress.com account, make sure that you don't use the same password for both.