Drupal.org hacked, the attackers got the information about users

Posted: May 30, 2013 in IT Security News
Tags: , ,

Drupal logo

Drupal.org hacked

Drupal.org hacked, you need to change passwords

Passwords are almost a million users of the service have been dumped Drupal.org administration, after hackers managed to gain unauthorized access to private user data.

Drupal.org – this is the official website of popular open source content management system.

Hacking is the result of an attack carried out in respect of an unnamed third-party application that works with Drupal, and not by the CMS system as such, said Holly Ross, executive director of the Drupal Association blog. During the attack were skompropetirovany user names, email addresses, information about the country and cryptographically secure passwords. However, while the analysis is not complete, and some additional data could also be in the hands of the organizers of the attack.

“Malicious files were placed on the server association.drupal.org through independent application that is used by the server. Once the files have been identified during the audit, we have disabled the appropriate servers and checked the rest of the car. Drupal Security Team Team began an investigation and assessment of the incident and found leaking user data “– says Ross.

In Drupal say that hackers could not modify the source code itself CMS-system, which is in development, but also did not have access to financial data.

Drupal has also reported that on most servers deployed system grsecurity, and tightened the settings in the configuration files of Apache. There is also a standard security settings have been added anti-virus scanning and other procedures.

Drupal has not provided specific technical data on sales in their address attack.

Account holders can change passwords at https://drupal.org/user/password

Recall that just last week, antivirus companies warned of a malicious code Linux / Cdorked, compromising Linux-servers running on the basis of nginx and Lighttpd.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s