according to foreign media reports, due to some popular plug-ins are implanted backdoors, WordPress.org after taking appropriate measures to reset all passwords.
WordPress.org just released a message on its blog:
earlier today, the WordPress team found some suspicious behavior, some popular plug-ins (AddThis, WPtouch and W3 Total Cache) contains a cleverly disguised backdoor. We have found that this behavior is not the plugin author as we pulled the plug on the back door there, the plug-in has been updated, we temporarily closed plug-in library access for other similar malicious plug-ins."
WordPress.org founder Matt Mullan Viggo (Matt Mullenweg) said, because of the hot plug appeared the suspected backdoor, WordPress.org has decided to re set the password of all WordPress.org, bbPress.org and BuddyPress.org.
WordPress.org users will receive the following information in the log on the forum, using trac or call a plugin or theme: "in June 21, 2011, we reset all passwords, if you have a new password, please request a new password." Viggo said the change password will affect the 2 million users of WordPress.org.
Mu Lan Viggo said, WordPress.org itself has not been hacked, but some of the plugin author’s account was stolen by hackers, hackers may have any impact on the user to download malicious plug-ins.