This is an attack that could happen to any site, Wordpress is irrelevant here. I know people like to bash and blame Wordpress for security issues, but in this instance it was the person who received the email that is to blame for not being diligent and aware of such attacks.
In this case, the email WOULD HAVE HAD a big green bar at the top. It was an email from a legitimate contact at VICE media who's email account had been compromised... possibly via something like the Target database leak.
13 comments
[ 3.4 ms ] story [ 44.8 ms ] threadfacepalm
The blame lies on IT departments who won't implement email authentication systems that have existed for years.
There should be a big green bar at the top of emails from people I would be likely to trust.
In both cases, WP-powered sites were attacked.
That is not cracking, which is also not hacking.