WordPress Checks 600,000 Passwords After Gmail Hack

by John
Comments are off for this post.

"wordpress-password-reset"WordPress users can feel safe in the knowledge that the company are constantly working to protect their security after WordPress acted to check and reset passwords that may have become vulnerable following the Gmail hack.

In total about 5 million email addresses and passwords were posted onto a Russian web forum from Gmail and while the details did not directly affect the users of WordPress the company took the step of sorting through the details and resetting passwords that matched those on the list connected to WordPress accounts.

Security officer from WordPress, Daryl L.L. Houston, said: “This week, a group of hackers released a list of about 5 million Gmail addresses and passwords. This list was not generated as a result of an exploit of WordPress.com, but since a number of emails on the list matched email addresses associated with WordPress.com accounts, we took steps to protect our users.”

He explained: “We downloaded the list, compared it to our user database, and proactively reset over 100,000 accounts for which the password given in the list matched the WordPress.com password. We also sent email notification of the password reset containing instructions for regaining access to the account.

“We checked the accounts of 600,000 other WordPress.com users whose email addresses were included in the list. Since these users were not immediately vulnerable, we did not reset their passwords or send emails but will be enabling a notification in their dashboards so that they can assess the security of their passwords at their leisure and with all of this information in hand.”

It is recommended that users have different, strong passwords for the various different sites that they use to prevent their accounts from being hacked easily.  While this may not be practical for all sites it certainly is important to do it for important ones that contain sensitive information or banking details.

WordPress also offers a two-step authentication service to give extra protection to users which works to increase security levels for a site.

While the news that so many email addresses and passwords had been leaked by hackers Gmail have assured users that they have managed to protect all of the active accounts that they could find and have reset the passwords connected to these addresses.

Google added that less than two percent of all the usernames and password combinations that were revealed by the hackers would have worked and that any attempt to hack these accounts would be blocked by the automated ant-hijacking provision from Google.

Share this article

Comments are closed.