This follows news that emerged last week that up to 5 million Gmail usernames and passwords had been published to a Russian Bitcoin forum, though Google said that it didn’t believe any of it was the result of a security breach at its end.
The company is quick to point out that the Gmail security breach is in no way connected to WordPress itself. However, given that a slew of emails on the list matched email addresses used by WordPress.com bloggers, it has reset 100,000 accounts that use the same password as the associated Gmail addresses on the list.
“We also sent email notification of the password reset containing instructions for regaining access to the account,” explained Automattic’s Daryl Houston.
Those affected were asked to hit the Login button on the homepage and request a new password.
If nothing else, this serves as a timely reminder that it’s never wise to use the same password across multiple online services. If one of your accounts is breached, this makes it infinitely easier for miscreants to cause you even more bother.
To add an extra layer of security to your online accounts, it’s also worth checking if they support two-step verification – which WordPress.com actually does.
Automattic revealed that it found 600,000 other matching email addresses on the leaked Gmail list, though these didn’t use the same passwords as their WordPress accounts, so weren’t reset.