WordPress.org 'Password Resets' Due to Compromised 'AddThis, WPtouch, W3 Total Cache' Plugins


WordPress.org is reporting that it has noticed suspicious commits to several popular plugins (AddThis, WPtouch, and W3 Total Cache) containing cleverly disguised backdoors.

"We determined the commits were not from the authors, rolled them back, pushed updates to the plugins, and shut down access to the plugin repository while we looked for anything else unsavory," said the team.

"We're still investigating what happened, in the meantime as a prophylactic measure we've decided to force-reset all passwords on WordPress.org. To use the forums, trac, or commit to a plugin or theme, you'll need to reset your password to a new one. (Same for bbPress.org and BuddyPress.org.)" the team added.

According to WordPress founder Matt Mullenweg, users who try to log in to WordPress.org will get the following message: "On June 21, 2011, we reset all passwords, so you'll need to request a new one if you haven't already."

Mullenweg says that WordPress.org itself was not hacked, but that some plugin author accounts were: "There are 15k plugins so happens sometimes. We haven't pissed off LulzSec yet. :)"

Finally, if you use AddThis, WPtouch, or W3 Total Cache, make sure to visit your updates page and upgrade each to the latest version.

[Source: WordPress]

About The Author

Deepak Gupta is an IT & Web Consultant. He is the founder and CEO of diTii.com & DIT Technologies, where he's engaged in providing Technology Consultancy, Design and Development of Desktop, Web and Mobile applications using various tools and software.