Last week, around 5 million Gmail usernames and their corresponding passwords were leaked on a Russian Bitcoin forum. According to Google, the company was not responsible for this security breach. But the Gmail password leak is a significant concern for Automattic, the company that operates the hosted blogging service WordPress.com. Automattic has now revealed that it has preemptively reset 100,000 accounts as a precaution over the recent Gmail password leak.
Automattic's move can be called “better safe than sorry.” According to WordPress, the Gmail security breach is in no way connected to WordPress itself. But many of the recently leaked Gmail addresses match the email addresses used by WordPress.com bloggers. So it has reset 100,000 accounts that use the same password as the associated Gmail addresses on the list. Automattic also found 600,000 other matching email addresses on the leaked Gmail list, but these did not use the same passwords as their WordPress accounts, so they have not been reset.
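The triage described above (reset the accounts where the leaked password still works, leave the ones where only the address matches) can be sketched as follows. This is an added example, not Automattic's code: the record layout, the PBKDF2 parameters and all sample data are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor; a real service uses its own password hash

def hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256 stands in for whatever hash the service stores (assumption).
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

def make_account(email: str, password: str) -> dict:
    salt = os.urandom(16)
    return {"email": email, "salt": salt, "hash": hash_password(password, salt)}

def normalize(email: str) -> str:
    # Leak lists are messy: ignore case and stray whitespace when matching.
    return email.strip().lower()

def triage(accounts: list, leaked: list) -> dict:
    """Split accounts found on a leaked list into 'reset' (a leaked password
    verifies against the stored hash) and 'email_only' (address listed,
    but no leaked password matches)."""
    by_email = {normalize(a["email"]): a for a in accounts}
    seen, reset = set(), set()
    for email, password in leaked:
        acct = by_email.get(normalize(email))
        if acct is None:
            continue  # address is not one of our users
        seen.add(acct["email"])
        candidate = hash_password(password, acct["salt"])
        # Constant-time comparison of the derived hashes.
        if hmac.compare_digest(candidate, acct["hash"]):
            reset.add(acct["email"])
    # An address may appear several times in a leak; one valid pair is enough to reset.
    return {"reset": reset, "email_only": seen - reset}

# Constructed sample data (not real accounts or real leaked credentials).
ACCOUNTS = [
    make_account("alice@example.com", "correct horse"),
    make_account("bob@example.com", "unique-to-this-site"),
    make_account("carol@example.com", "something else"),
]
LEAKED = [
    (" Alice@Example.com", "correct horse"),  # same password reused: reset
    ("bob@example.com", "old-mail-password"),  # address matches, password differs
    ("bob@example.com", "another-guess"),
    ("dave@example.com", "hunter2"),           # not a user here
]

if __name__ == "__main__":
    print(triage(ACCOUNTS, LEAKED))
```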
Daryl L. L. Houston from Automattic has said, “This list was not generated as a result of an exploit of WordPress.com, but since a number of emails on the list matched email addresses associated with WordPress.com accounts, we took steps to protect our users. We also sent email notification of the password reset containing instructions for regaining access to the account.”
As a result of WordPress's step, affected users now have to visit WordPress.com, hit the Login button on the homepage and then enter a new password. Whatever the case, one should always take the precaution of not using a similar password across a range of different online services, regardless of how much more convenient it is.
Source: WordPress (Blog)