The massive Gmail leak has met its first casualty in WordPress, which today announced that it was pre-emptively resetting around 100,000 accounts. WordPress which one of the most popular CMS providers across the world took this drastic action when it was reported that up to 5 million Gmail usernames and passwords were published to a Russian Bitcoin forum. The user ids and passwords were found to be mostly old and ancient but the information has sure rung some bells in the tech companies worldwide. Google has since confirmed that this leak was not a result of any security breach at its end.
WordPress Resets 100000 accounts of the 600000 accounts which appeared in the Gmail hack list
Automattic, which operates hosted blogging service WordPress.com, has revealed it has taken pre-emptive measures to secure thousands of its own accounts. When asked for why, WP was taking such a drastic action, Automattic pointed out that the Gmail security breach is in no way connected to WordPress itself but many of the emails leaked by the hacker, matched the email addresses provided by WordPress.com blogger. This reason was sufficient for Automattic to reset 100,000 accounts that use the same password as the associated Gmail addresses on the list.
“We also sent email notification of the password reset containing instructions for regaining access to the account,” explained Automattic’s Daryl Houston.”
Those affected were asked to hit the Login button on the homepage and request a new password.
It is a normal practice for many cyber users to use the same password for most of the client services they use like Gmail, Yahoo, Outlook, their bank accounts etc. The Gmail leak in a way has helped many users realise the safety of having a 2 Step Verification and a separate password for each service. If you havent done so already, you can also click here and set up the 2 Step Verification for your Gmail account.
WordPress.com also offers two Step Verification so all WordPress users and bloggers are requested to avail this service and add an extra layer of security to your online accounts
Automattic also revealed that it found 600,000 other matching email addresses on the leaked Gmail list, though these didn’t use the same passwords as their WordPress accounts, so weren’t reset. However as a safety precaution all WP users are requested to change their passwords ASAP.