WordPress.org Hacked, Plugin Repository Compromised 110
An anonymous reader writes "Back in April hackers gained access to the WordPress.com servers and exposed passwords/API keys for Twitter and Facebook accounts. Now, hackers gained access to Wordpress.org and the plugin repository. Malicious code was found in several commits including popular plugins such as AddThis, WPtouch, or W3 Total Cache. Matt Mullenweg decided to force-reset all passwords on WordPress.org. This is a great reminder for all users not use the same password for two different services."
Re:Year of the Hacker (Score:5, Insightful)
A great reminder? (Score:5, Insightful)
Not it's not. Not even slightly.
The amount of mental effort required by users to memorise a different password for every internet site is at best unreasonable, if not a completely insane idea. While using the same password for Hotmail and internet banking is really not a good idea, using the same password for wordpress.com and wordpress.org is just common sense for people who don't have a photographic memory.
Blaming the user here is unreasonable.