Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Drupal Forces Password Resets After Breach Discovery

Drupal.org, home to one of the Web’s most popular Content Management System (CMS) platforms, has issued an alert to community members and reset all account passwords after their infrastructure and security teams discovered malicious files on a server.

Drupal.org, home to one of the Web’s most popular Content Management System (CMS) platforms, has issued an alert to community members and reset all account passwords after their infrastructure and security teams discovered malicious files on a server.

According to the notice posted on Wednesday, the Drupal.org Security Team discovered malicious files on association.drupal.org servers, which were placed there by attackers who targeted a third-party application used by that site. Drupal stressed that the incident doesn’t reflect any sort of vulnerability with the Drupal platform itself.

The malicious files discovered may have exposed user information stored on Drupal.org and groups.drupal.org, including usernames, email addresses, and country information, as well as hashed passwords. As a precaution, Drupal has reset all account passwords, and users will be forced to change them on their next login. Credit card information is not stored by Drupal, the organization said, and they have seen no evidence that suggest that such details were intercepted by the attackers.

“However, we are still investigating the incident and may learn about other types of information compromised, in which case we will notify you accordingly,” they said.

Drupal said that while all of the latest stored passwords are salted and hashed, a process that makes cracking them extremely difficult assuming the attackers didn’t have access to the salts, some older passwords on groups.drupal.org were not salted.

Their advisory also warns users to “be cautious” should they receive e-mails asking for personal information and “be on the lookout for unwanted spam.” Likewise, users should be immediately suspicious of emails that threaten account closures for failure to take immediate action to provide personal information.

Advertisement. Scroll to continue reading.

At present, there have been no reports online or by Drupal of people seeing such emails.

“We would also like to acknowledge that we are conducting an investigation into the incident, and we may not be able to immediately answer all of the questions you may have. However, we are committed to transparency and will report to the community once we have an investigation report,” the advisory adds.

In addition to password resets, Drupal said they also they hardened Apache configurations, and created static copies of sites that were no longer going to receive feature or content updates to minimize maintenance.

Additional details are available here

Written By

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

BlueVoyant has appointed Ravi Subramanian as CFO and Jamie Coleman as CCO.

Solana Foundation has appointed Michael Coates as Chief Information Security Officer.

Michael Sikorski has joined Coinbase as Chief Information Security Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.