390,000+ WordPress Credentials Stolen via Malicious GitHub Repository Hosting PoC Exploits

A now-removed GitHub repository that advertised a WordPress tool to publish posts to the online content management system (CMS) is estimated to have enabled the exfiltration of over 390,000 credentials.

The malicious activity is part of a broader attack campaign undertaken by a threat actor, dubbed MUT-1244 (where MUT refers to "mysterious unattributed threat") by Datadog Security Labs, that involves phishing and several trojanized GitHub repositories hosting proof-of-concept (PoC) code for exploiting known security flaws.

"Victims are believed to be offensive actors – including pentesters and security researchers, as well as malicious threat actors – and had sensitive data such as SSH private keys and AWS access keys exfiltrated," researchers Christophe Tafani-Dereeper, Matt Muir, and Adrian Korn said in an analysis shared with The Hacker News. ...

https://thehackernews.com/2024/12/390000-wordpress-credentials-stolen-via.html

Comments

  • Is there a summary of what steps a person potentially affected by this should take?

  • Kevinf100 Member
    edited December 2024

    @trycatchthis said:
    Is there a summary of what steps a person potentially affected by this should take?

    Without reading the article, and going only on what was posted:
    Remove the "WordPress Tool" ASAP. Change ALL API keys, credentials, SSH keys, passwords, or whatever you consider private/sensitive info that can be changed. Audit all machines on the network ASAP. Reinstall the OS if possible if unsure. As always, if you actually followed good security guidelines (like least privilege and defense in depth), they should only have access to what WordPress had access to.

    Not sure if you're affected? Check if whatever tools you used are still up. If they aren't, well, audit. If they are, either they are legit or they haven't been discovered to be malicious yet.
