WordPress has reset 100,000 accounts as a precautionary measure

It was rather big news when earlier this week, it became known that up to 5 million Gmail usernames and their corresponding passwords were published over at a Russian Bitcoin forum. Google has continued to maintain that they have strong reason to believe that the security breach was none of their fault, but this does not mean that Gmail users should continue using the very same password as though nothing had changed. Automattic, the company that operates hosted blogging service WordPress.com, has taken the route of “better safe than sorry” to reveal that pre-emptive measures have been taken in order to secure thousands of its own accounts – and this is done by resetting 100,000 accounts which use a similar password as that found on the associated Gmail addresses.

Earlier this week, news emerged that up to 5 million Gmail usernames and passwords were published to a Russian Bitcoin forum, though Google said that it didn’t believe any of it was the result of a security breach at its end. Now, Automattic, which operates hosted blogging service WordPress.com, has revealed it has taken pre-emptive measures to secure thousands of its own accounts. While the company’s quick to point out that the Gmail security breach is in no way connected to WordPress itself, given that a slew of emails on the list matched email addresses used by WordPress.com bloggers, it has reset 100,000 accounts that use the same password as the associated Gmail addresses on the list. “We also sent email notification of the password reset containing instructions for regaining access to the account,” explained Automattic’s Daryl Houston.” Those affected were asked to hit the Login button on the homepage and request a new password. If nothing else, this serves as a timely reminder that it’s never wise to use the same password across multiple online services. If one of your accounts its breached, this makes it infinitely easier for miscreants to cause you even more bother. To add an extra layer of security to your online accounts, it’s also worth checking if they support two-step verification – which WordPress.com actually does. Automattic revealed that it found 600,000 other matching email addresses on the leaked Gmail list, though these didn’t use the same passwords as their WordPress accounts, so weren’t reset.