WordPress hoster hacked, data breach, see:
https://wpengine.com/support/infosec/As I said by many occasions WP has a lot of security issues, like oudated versions used, outdated or left plug-ins,
this was found on that site we discuss here: ditty-news-ticker latest release (2.0.4)
http://dittynewsticker.com/Not at this site but often for WP sites User Enumeration and Directory Indexing is enabled, a dangerous security misconfiguration!
The hacked website in question also had jQuery libraries that should come retired asap:
Detected libraries:
jquery - 1.8.3 : -https://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js
Info: Severity: medium
http://bugs.jquery.com/ticket/11290http://research.insecurelabs.org/jquery/test/jquery-ui-dialog - 1.9.2 : -https://ajax.googleapis.com/ajax/libs/jqueryui/1.9.2/jquery-ui.min.js
Info: Severity: medium
http://bugs.jqueryui.com/ticket/6016jquery-ui-autocomplete - 1.9.2 : -https://ajax.googleapis.com/ajax/libs/jqueryui/1.9.2/jquery-ui.min.js
jquery-ui-tooltip - 1.9.2 : -https://ajax.googleapis.com/ajax/libs/jqueryui/1.9.2/jquery-ui.min.js
Info: Severity: high
http://bugs.jqueryui.com/ticket/8859jquery - 1.6.4 : -https://cdn.optimizely.com/js/836340079.js
Info: Severity: medium
http://bugs.jquery.com/ticket/11290http://research.insecurelabs.org/jquery/test/4 vulnerable libraries detected
And that at a hosting website where users go to find security they can trust
polonus (volunteer website security analyst and website error-hunter)
