The Panama Papers leak is one of the biggest data leaks to date, involving over 100 news publications and 2.6 terabytes of information. Forbes discovered the Panamanian law firm that was hacked was using a site run on a three-month-old version of WordPress.
Forbes also noted that the portal customers use to access their data was allegedly running a three-year-old version of Drupal, and the site contained at least 25 vulnerabilities.
WP Tavern, however, noted that Forbes’ findings aren’t exactly correct.
According to the article, “While looking at the site today, I found that the firm’s WordPress-powered site is currently running on version 4.1 (released in December 2014), based on its version of autosave.js, which is identical to the autosave.js file shipped in 4.1. Since that time WordPress has had numerous critical security updates.”
It isn’t confirmed yet whether or not this directly led to the attack, but it is another lesson in updating software. Security is an issue in the WordPress community and around the web, and developers are working every day to fix issues, but those fixes won’t protect you if you don’t update.