If you regularly access WordPress.org for their forums or make updates to published plugins then you are going to need to reset your password.

According to Matt Mullenweg over at the WordPress.org blog a blanket password change was forced earlier today across the site due to what appears to be a breach of some users credentials.

Earlier today the WordPress team noticed suspicious commits to several popular plugins (AddThis, WPtouch, and W3 Total Cache) containing cleverly disguised backdoors. We determined the commits were not from the authors, rolled them back, pushed updates to the plugins, and shut down access to the plugin repository while we looked for anything else unsavory.

To use the forums, trac, or commit to a plugin or theme, you’ll need to reset your password to a new one. (Same for bbPress.org and BuddyPress.org.)

Second, if you use AddThis, WPtouch, or W3 Total Cache and there’s a possibility you could have updated in the past day, make sure to visit your updates page and upgrade each to the latest version.

I use W3 Total cache on this site and although I did not see an update earlier in the day – this evening at about 7:30 PM EST I was prompted to update the plugin.  This would have been the update Matt mentions they pushed out after resetting the plugin code.

I am keeping an eye on Twitter to see if I catch wind of any issues with that plugin as the news spreads around.  More to follow as we hear what happened over the next few days.