WordPress.com Resets 100,000 Passwords Found in Gmail Leak


Last week, nearly 5 million Gmail username and password combinations were found publicly leaked on a Russian Bitcoin forum. Google later stated that no security breach had been identified on its end.

Automattic, the company that operates the hosted blogging service WordPress.com, has revealed it has taken proactive measures to secure nearly 100,000 accounts because of the Gmail security breach.

The company quickly addressed the security issue, but pointed out that the Gmail breach was in no way connected to WordPress itself. Automattic outlined that they downloaded the leaked list, compared it with their database, and only forced users to reset their password if it coincided with their WordPress.com password.

“We downloaded the list, compared it to our user database, and proactively reset over 100,000 accounts for which the password given in the list matched the WordPress.com password,” explained Automattic’s Daryl Houston.

Users affected by the breach have been sent email notifications with password reset instructions, Houston explained. Affected users were asked to click the login button on the homepage and request a new password.

This is another timely reminder that it is never a good idea to use the same password across multiple websites. If one account is breached, reuse makes it easier for attackers to breach a number of the user's other accounts.

For added protection, it is always recommended to enable two-factor authentication where possible, which WordPress.com also provides. Steps to enable two-factor authentication can be found in their blog post.

Automattic also revealed it had found 600,000 email addresses on the leaked Gmail list that matched the email addresses of its users, but did not force those users to reset their credentials because they did not use the same password. Instead, Automattic has placed a notification in their account dashboards so that users can assess their own security.
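The comparison described above can be done without ever storing plaintext passwords: each leaked password is hashed with the matching user's stored salt and compared to the stored digest. The sketch below is an added example, not Automattic's code; the `email:password` dump format, the PBKDF2 storage scheme, the function names and the sample data are all assumptions made for illustration.

```python
import hashlib, hmac, os

ITERATIONS = 100_000  # assumed work factor for this sketch

def hash_password(password, salt=None):
    """Return (salt, digest) using PBKDF2-HMAC-SHA256 (assumed storage scheme)."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def triage_leak(leak_lines, user_db):
    """Split leaked credentials into accounts to force-reset and accounts to notify.

    leak_lines: iterable of "email:password" strings (assumed dump format).
    user_db: dict mapping lower-cased email -> (salt, digest).
    """
    force_reset, notify_only = set(), set()
    for line in leak_lines:
        # Split on the first ':' only, so passwords containing ':' survive.
        email, sep, leaked_pw = line.rstrip("\r\n").partition(":")
        if not sep:
            continue  # malformed line, no separator
        email = email.strip().lower()
        record = user_db.get(email)
        if record is None:
            continue  # address does not belong to one of our users
        salt, stored = record
        _, candidate = hash_password(leaked_pw, salt)
        if hmac.compare_digest(candidate, stored):
            force_reset.add(email)   # leaked password is the live password
        else:
            notify_only.add(email)   # address exposed, password differs
    # A dump can list one address several times; any match means reset.
    return force_reset, notify_only - force_reset

# Constructed sample data (not taken from any real dump).
USERS = {
    "alice@example.com": hash_password("hunter2"),
    "bob@example.com": hash_password("correct horse battery"),
}
LEAK = [
    "alice@example.com:hunter2",       # reused password -> force reset
    "Bob@Example.com:letmein",         # known address, other password -> notify
    "carol@example.com:123456",        # not a user -> ignored
    "garbage-line-without-separator",  # malformed -> ignored
]

if __name__ == "__main__":
    reset, notify = triage_leak(LEAK, USERS)
    print("force reset:", sorted(reset))
    print("notify only:", sorted(notify))
```

The two returned sets correspond to the two groups in the article: accounts whose password was reset, and accounts that only received a dashboard notification.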

Photo via Nikolay Bachiyski/Flickr [CC BY 2.0]

About Author

Brandon Stosh is the founder and CEO of www.freedomhacker.net. Stosh is a cyber security researcher and professional consultant who strives to provide reliable news on cyber-security based topics.
