A comment on the Linux Mint blog indicates that a WordPress exploit was the cause of their recent hack.
I’ll ask this question, without knowing the intrinsic details, or any specific details other than what has been posted above; did the breach have anything to do with the fact that you’re running WordPress?
Best wishes and thanks for the heads up.
Edit by Clem: Yes, the breach was made via wordpress. From there they got a www-data shell.
A later comment sheds a bit more light.
Could you give a detailed description on how they managed to get in via WordPress?. I’m curious whether it is a 0-day exploit due to bug in WordPress core or whether it was caused by plugins that you’re running. If it’s due to core WordPress bug then every WordPress websites out there is in serious problem.
Edit by Clem: No plugins, latest WP, but a custom theme and lax file permissions for a few hours. The security experts will probably find the exact cause. At the moment there’s no indication it’s related to WP core (we’d probably see a lot more sites being hacked right now, this seems to be targeted specifically at us).
Having recently attended a penetration testing seminar, and noticing how often WordPress was mentioned/targeted, I’m not in the least surprised by this news. Anyhow, I hope Clem shares more details, if and when they become available.