Mark Jaquith, a lead developer of the WordPress core and a member of the Wordpress security team, has shared with the WSJ that instead of the current version (3.4.1) Reuters was using version 3.1.1 of the popular blogging software - an iteration with a number of publicly known security issues.
"If organizations ignore (update) notifications and stay on an outdated version, then they put themselves at risk of these sorts of breaches,” he commented.
I can't help but noticing that this case and the one of the recent Gizmodo Twitter account hack should teach us all number of valuable lessons. Yes, the attackers are mostly to blame, but in Reuters' case, someone from the company should have been on top of keeping the software updated.
In Gizmodo's, someone should have dissociated the tech blog's Twitter account from that of Mat Honan once he was no longer writing for the site.
And in Honan's case, he should have used added security where it was available, backed up his work computer occasionally, and not tied several of his most important accounts together.
We should demand good security of our providers, but never forget that we should also do what is in our power to keep ourselves secure.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.