Millions of blogs hosted on WordPress.com can breathe a sigh of relief – although a hacker did manage to break into thousands of sites and publish a make-money-fast advert, it wasn’t because of any vulnerability on the WordPress.com site itself.
Instead, it seems users had simply been careless with their password security.
The alert was initially raised by The Hacker News (THN) and Sucuri, after some blog owners received messages from WordPress.com telling them that their passwords had been reset.
One affected WordPress.com user told THN that he had discovered hackers had published a page containing a money-making advertisement (pictured below).
A Google search for
site:wordpress.com “Im getting paid!”
finds evidence of thousands of sites that suddenly found they had unwittingly published “Im getting paid!” webpages…
Read more in my article on the Naked Security website.