This attack was aimed at defacing our sites, and did not inject malware like the attack that was reported on September 18th by RiskIQ. The only people who have a user account for the WordPress sites affected by these attacks are members of the jQuery team; we do not have any public user registration for any sort of account on any of the affected sites. We are taking steps to re-secure our servers, upgrade dependencies, and address vulnerabilities. We have moved http://jquery.com to a new server only running code we trust.”]
Source: https://blog.jquery.com/2014/09/24/update-on-jquery-com-compromises/

