Mark Jaquith, a lead developer of the WordPress core and a member of the Wordpress security team, has shared with the WSJ that instead of the current version (3.4.1) Reuters was using version 3.1.1 of the popular blogging software - an iteration with a number of publicly known security issues.
"If organizations ignore (update) notifications and stay on an outdated version, then they put themselves at risk of these sorts of breaches,” he commented.
I can't help but noticing that this case and the one of the recent Gizmodo Twitter account hack should teach us all number of valuable lessons. Yes, the attackers are mostly to blame, but in Reuters' case, someone from the company should have been on top of keeping the software updated.
In Gizmodo's, someone should have dissociated the tech blog's Twitter account from that of Mat Honan once he was no longer writing for the site.
And in Honan's case, he should have used added security where it was available, backed up his work computer occasionally, and not tied several of his most important accounts together.
We should demand good security of our providers, but never forget that we should also do what is in our power to keep ourselves secure.
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.