According to the Automattic and WordPress founder Matt Mullenweg ,incident was a low-level root access breach.they have said that the company is reviewing its data logs to figure out what information may have been stolen and is working on patching any holes in its security.
It seems unlikely that personally identifiable user information was taken during the attack, but Automattic has yet to complete its investigation.
“We presume our source code was exposed and copied,” Mullenweg stated on the company’s blog. “While much of our code is open source, there are sensitive bits of our and our partners’ code. Beyond that, however, it appears information disclosed was limited.”
In 2009 WordPress was the target of a high-profile attack that utilized a security exploit in its popular blogging software to create new “hidden” administrator accounts.
This time it is different .If you host a WordPress.org website on your own servers, you shouldn’t be affected, but Automattic suggests that you make sure your various online accounts utilize a variety of strong passwords.