We explained how the hacker was earning thousands of dollars just by sharing his referral link on all these hacked sites. The campaign includes some malicious domains to which the hacker redirects all readers, and it uses a service from a well-known email marketing company – Getresponse.
Using the same dork, site:wordpress.com “Im getting paid!”, today we tried to count the number of hacked accounts and once again found a shocking number: 59300 blogs are on the compromised list on the 2nd day of the hacking campaign.
So many blogs have been compromised through no known method, and the WordPress team is still not in action. As mentioned in the last article, yesterday I tried to contact the Getresponse team, whose email service is being used in this campaign.
Today I got a reply from Aleksandra Pabian, Privacy and Compliance Consultant at Getresponse, saying that they have taken this issue seriously and, after ‘The Hacker News’ report, immediately suspended the account from their service. “Thank you very much for all this information. We have terminated the account you have reported. The user doesn’t have access to this account anymore,” Pabian said. I really appreciate this action to stop the campaign.
Well, even though the campaign has been stopped for a while, some questions remain:
1.) How can 60000 WordPress accounts suddenly be compromised? Is there some vulnerability in the WordPress server?
2.) If WordPress knows about the issue and warns account holders via email, then why do more accounts keep becoming targets, and why was there no public notice from the WordPress team about this issue?