So, that happened…
From ZDNet:
Mark Jaquith, one of the WordPress platform lead developers and member of the WordPress Security Team, told the WSJ that Reuters was using “an old version” of the software that has “publicly known security issues.” More specifically, the publication was using version 3.1.1. The current version is 3.4.1.
This is a textbook mistake. You should always be using the latest version of your software, especially if you’re a major company that is often targeted by hackers.
Reuters hacked due to the fact that the software not updated but, that screen shot above was taken at 1:44 pm eastern…Aug 7. They have still not updated the site.
Source: Article Link
It isn’t know how the attackers got access to their site. Yes, Reuters was running an out-of-date version of WordPress, but that doesn’t mean that’s how the attackers got in.
@Mark Thanks for the comment. I guess you could understand my confusion based on your quote “This is a textbook mistake. You should always be using the latest version of your software, especially if you’re a major company that is often targeted by hackers.” So, you’re saying categorically that this is *not* how the ne’er do wells breached the system?
http://secunia.com/advisories/49726/
http://secunia.com/advisories/47371/
http://secunia.com/advisories/48957/
In order of preference.
Sadly, Reuters was warned by WordPress for months about the old version. I received about 10-15 automatic emails from wordpress about my blog. This was completely avoidable and somewhat silly.