While the individuals responsible for the recent hijacking of Reuters’ blogging platform and one of its Twitter accounts are still unknown, it has emerged that the attackers likely managed to hack the former because Reuters still used an older version of WordPress.
Mark Jaquith, a lead developer of the WordPress core and a member of the WordPress security team, has shared with the WSJ that instead of the current version (3.4.1) Reuters was using version 3.1.1 of the popular blogging software – an iteration with a number of publicly known security issues.
“If organizations ignore (update) notifications and stay on an outdated version, then they put themselves at risk of these sorts of breaches,” he commented.
I can’t help but noticing that this case and the one of the recent Gizmodo Twitter account hack should teach us all number of valuable lessons. Yes, the attackers are mostly to blame, but in Reuters’ case, someone from the company should have been on top of keeping the software updated.
In Gizmodo’s, someone should have dissociated the tech blog’s Twitter account from that of Mat Honan once he was no longer writing for the site.
And in Honan’s case, he should have used added security where it was available, backed up his work computer occasionally, and not tied several of his most important accounts together.
We should demand good security of our providers, but never forget that we should also do what is in our power to keep ourselves secure.