WordPress.com hacked, source code potentially exposed

Automattic, the company behind WordPress.com, has disclosed that several of its servers have been breached. In a post on the company's official blog, founding developer Matt Mullenweg wrote: "Automattic had a low-level (root) break-in to several of our servers, and potentially anything on those servers could have been revealed."

Mullenweg admitted that the company's investigations led it to presume that "sensitive bits" of its own code, as well as its partners' code, were likely to have been copied. The company did not specify which of its VIP customers on WordPress.com were affected.

A root-level compromise would give hackers the same authority as a legitimate system administrator working for Automattic. It's the worst sort of news any company would want to admit to. Of course, the full extent of the damage would depend on the actual data that the hackers got away with. To be clear, though, the break-in does not affect users hosting the popular WordPress blog software on their own domains.

Even as Automattic continues its investigations, Mullenweg noted in responses to questions posted on the company's blog that it's "never a bad idea to update your password." Still, the assertion that any stolen passwords would be difficult to crack alludes to the fact that the passwords were salted, which at least represents a sliver of good news.
