Yesterday I have reported about a huge mysterious hack in wordpress servers, that cause compromise of 15000 wordpress account and hacker managed to post same spam article of “Money making sites” with title – “Im getting paid!” on each blog.

We explained how hacker was earning in thousands of dollars by just sharing his Referral link on all these hacked sites. The campaign include some malicious domains where hacker is redirecting all readers and service from a well known email marketing company – Getresponse.

Using the same dork — “Im getting paid!” , today we tried to find out number of hacked accounts and once again another shocking number – its 59300 blogs in compromised list on 2nd day of hacking campaign.

So many blogs have been compromised without any known method and wordpress team still not in action. As mentioned in last article, yesterday I tried to contact with Getresponse response team whose Email service  is being used in this campaign.

Today I got reply from Aleksandra Pabian – Privacy and Compliance Consultant at Getresponse that, they have taken this issue seriously and after ‘The Hacker News’ report they immediately suspend the account from their service. “Thank you very much for all this information.We have terminated the account you have reported. The user doesn’t have access to this account anymore.” he said. I really appreciate his action to stop this campaign.

Well even the campaign has been stopped for a while. But some questions are still there:
1.) How sudden 60000 wordpress accounts can be compromised ? Is there some vulnerability in wordpress server ?
2.) If wordpress know about the issue and warn the account holders via email, then why more accounts accounts become target and there was no public notice from wordpress team about this issue ?


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Lead Auditor & InfoSec Professional

%d bloggers like this: