So today I noticed I had 6 more administrator accounts in WordPress than I'm supposed to have!
At first I thought someone in our company had mistakenly setup some accounts, but I asked around and no one had. Then I noticed that all these new accounts had a similar naming convention. Here are the unknown account details:
AidenD AidenD@gmail.com AlexisB AlexisB@gmail.com AlexT AlexT@gmail.com BaileyK BaileyK@gmail.com ColtonM ColtonM@gmail.com DylanB DylanB@gmail.com
I think my site was compromised. I've been running 3.0.1 since it came out, but this could have happened before an upgrade in the past. I've gone through the user registration emails, and none of these names came through (which makes me even more suspicious).
My site (www.popmag.com.au) hasn't shown any unintended results, so I don't think we have been attacked, but we have been compromised.
At the moment I've bumped all suspect users down to Subscribers pending my investigation.
Any ideas? Have you heard of this before?