On Friday 3rd August 2012 Reuters.com announced that it was a victim of a hack attack. Reuters.com blogging platform (WordPress) was compromised and attackers posted several fake news articles that were attributed to its reporters. Parent company of Reuters.com, Thomson-Reuters said that along with the false news articles an interview with the head of the Free Syrian Army was included.
According to Mark Jaquith, one of the WordPress platform lead developers and member of the WordPress Security Team, Reuters.com was using an old version of WordPress which had known security issues. Specifically, Reuters.com was using version 3.1.1 instead of the latest version 3.4.1, which is updated with most recent security patches.
In addition, Mark Jaquith , mentioned that WordPress platform has several update notifications and an automated update feature in order to help users keep their WordPress version up-to-date including latest security patches. Dave Bartoletti, Forrester’s Research analyst said that many customers mistakenly assume that cloud vendors would take care of their security in any case.
That is not true. In the particular case, WordPress has released the appropriate security patches but Reuters.com did not update to the latest WordPress version which allowed attackers to compromise its blogging platform and security.
Lesson learnt from Reuters hacking incident
Having your WordPress version up-to-date is a core issue of your website’s security. Ensure that you get notified about any WordPress updates. Acunetix Web Vulnerability Scanner can also detect old vulnerable versions of WordPress and WordPress plugins. Start your free 14-day trial today.