Infosec of State
Among the alarming events still unfolding in the United States, there have been two political and security-related stories touching WordPress.
First, there was the notice Monday afternoon of President Donald Trump’s biography on the State Department website showing the president’s “term ended” on January 11. Since the site runs on WordPress, some people assumed this was a hack of WordPress itself and therefore an indication of some defect in the software. According to Christopher Miller for Buzzfeed and widely reported on, the truth appears to be this was not a hack but something “likely caused by a disgruntled staffer.” 🔓
Second, and more widely noticed, was the news that the Parler social network was “leaking data” and was hacked. (Parler is shut down at the time of this writing.)
Some sources reported a top comment on the Reddit thread about this story in r/ParlerWatch points to a third-party WordPress add-on for Twilio, a cloud communications platform, as the culprit for the wide-open vulnerability that led to the hack.
However, the idea that WordPress was ever powering the social engine of Parler isn’t accurate, according to Parler CEO John Matze. Back in November, Matze disputed the rumors that his social media site was hacked at all, and he said “we do not use WordPress products, nor WordPress databases.”
John Feminella has a good Twitter thread I’ll point to on this story. It appears Parler used WordPress for their marketing site — and maybe their eCommerce site, although that wasn’t verified before Parler was taken offline. 🤨
