WordPress.org Hacked, Plugin Repository Compromised 110
An anonymous reader writes "Back in April hackers gained access to the WordPress.com servers and exposed passwords/API keys for Twitter and Facebook accounts. Now, hackers gained access to Wordpress.org and the plugin repository. Malicious code was found in several commits including popular plugins such as AddThis, WPtouch, or W3 Total Cache. Matt Mullenweg decided to force-reset all passwords on WordPress.org. This is a great reminder for all users not use the same password for two different services."
Wrong as usual (Score:5, Informative)
The summary is incorrect as usual.
Some contributors' accounts were compromised, resulting in updates containing backdoors appearing from those contributors. The blog entry mentions AddThis, WPtouch and W3 Total Cache. The WordPress.org plugin repository was not hacked.