False Syria Reports: Reuters was running outdated WordPress
Last Friday, the journalist's blog from Reuters began publishing false reports of the situation in Syria. The false reports were publishable because the British news agency was using an outdated version of WordPress which contained a number of publicly known vulnerabilities, according to a blog posting on the Wall Street Journal.
The WSJ cites Mark Jaquith, one of the leading developers of the open source blogging platform, who says that Reuters was running version 3.1.1 of WordPress at the time of the hacking instead of the current version, 3.4.1. Since 3.1.1, a number of security holes have been closed in the software. Attacks on outdated WordPress installations have become quite common. Last year, thousands of WordPress blogs were used to spread malicious code. According to Jaquith, WordPress installations automatically notify users of updated versions and offer an automatic update feature.
Reuters parent company, Thomson Reuters, has yet to make a comment on the incident and the initiators of the hacking attack remain unknown.