The attack was performed by Syrian Electronic Army. The hackers were able to breach MasterCard’s blog and create a new blog post on the website. They possibly did this using a known Cross-site request forgery (CSRF) exploit available on internet for WordPress 3.3.2, which allows attacker to add new admin users by employing a bit of social engineering. http://alrt.co/UYQI4h
Takeaway: WordPress and its plug-ins are always primary attack vectors for many attacks. You should always be using the latest version of your software, especially if you’re a major company that is often targeted by hackers. Also, if you’re not using the latest version of WordPress, upgrade immediately.