Please send.

I want—more than real estate, anyway.

You guys are both hitting the right questions and, while I know the answers to some of the issues, I’m honestly not sure what is appropriate to make public, so I’m being quiet in terms of the actual technologies being used by the various domains… other than to say it is definitely a wordpress backend since I made that public on numerous occasions when I worked at Move (and helped design the original implementation of the platform). Nonetheless, the questions you both are raising are extremely valid and, in my opinion, deserve answers.

“There was spam injected into posts, this could be from caused by many things, all of which we are forced to speculate about…. was the server breached? was it a faulty plugin? was personal data compromised? That’s the point….”

We 1000% agree here and I wish we knew more because the problem they are facing, we’re all exposed too as well – as we all use the same engine.

“is a responsibility to keep the community informed…. it’s good for both parties.”

I do not have an account with talk.realtor.com to write on this blog nor does it appear any other agents do either- I could be missing something here, but here is why I see a problem:

talk.realtor.com is a directory (where the breaches took place) that has closed comments and does not appear to actually host contributors- it simply links out to:

*.featuredblog.com

so talk.realtor.com allows you to feedreader all of the content on a dialy basis writen on each individual featuredblog.com accounts and is actually a pretty neat form of daily directory of posts – this was compromised, and there are no outside user accounts- which from a security standpoint makes sense.

*.featuredblog.com/ appears to be subdomained user accounts hosted seperately from one another- non-multi-user, which would mean nothing has been exposed?

So, if anything, they could communicate with us what engine they’re running and a fix they dream up for the the problem on talk.realtor.com , but it appears to me that the priority data to protect is fine on individual.featuredblog.com?

There was spam injected into posts, this could be from caused by many things, all of which we are forced to speculate about…. was the server breached? was it a faulty plugin? was personal data compromised? That’s the point…. we don’t know. whether or not the information that might have been compromised is information like a social or the like is irrelevant…. there is a responsibility in guarding ANY personal data…. and at this point, there may have been no compromised data or extensive data compromised…. nobody knows and that is exactly the point, when something happens there is a responsibility to keep the community informed…. it’s good for both parties.

Todd: I obviously agree with your last sentiment. It’s not the hacking that’s news, it’s what they did afterward that’s news.

and Danilo… I suspected you weren’t too sorry.

Thanks for noticing the post. (And I’m not THAT sorry)

Anyway, I agree with Trace that this is noteworthy. The main reason is that REALTOR.com is in the “business” of hosting blogs for real estate agents.

Even if they are offering them for free, we all know that blogs are not free. Nobody want to put a bunch of work into something that might eventually embarrass them.

For every agent that associates their name with one of these blogs, I would think it would be important to know how competent or dedicated the guys running the network are.

People get hacked, that’s not news. What they do once they’ve been hacked is newsworthy, especially when they are also responsible for protecting hundreds of other professionals from a similar fate.

You make a very good point. The only element that has been compromised (as far as I can tell) was a single blog hosted at http://talk.realtor.com.

Realtor.com is not run on wordpress, user identification on realtor.com hasn’t been proven to have been compromised, a wordpress blog with a known vulner is the problem. This isn’t credit cards and social security numbers we’re talking about here.

Unless you are reporting as fact that Realtor.com has in fact been hacked and user records have been breached? I’m unclear.