Drupal.org, home to one of the Web’s most popular Content Management System (CMS) platforms, has issued an alert to community members and reset all account passwords after their infrastructure and security teams discovered malicious files on a server.
According to the notice posted on Wednesday, the Drupal.org Security Team discovered malicious files on association.drupal.org servers, which were placed there by attackers who targeted a third-party application used by that site. Drupal stressed that the incident doesn’t reflect any sort of vulnerability with the Drupal platform itself.
The malicious files discovered may have exposed user information stored on Drupal.org and groups.drupal.org, including usernames, email addresses, and country information, as well as hashed passwords. As a precaution, Drupal has reset all account passwords, and users will be forced to change them on their next login. Credit card information is not stored by Drupal, the organization said, and they have seen no evidence that suggest that such details were intercepted by the attackers.
“However, we are still investigating the incident and may learn about other types of information compromised, in which case we will notify you accordingly,” they said.
Drupal said that while all of the latest stored passwords are salted and hashed, a process that makes cracking them extremely difficult assuming the attackers didn’t have access to the salts, some older passwords on groups.drupal.org were not salted.
Their advisory also warns users to “be cautious” should they receive e-mails asking for personal information and “be on the lookout for unwanted spam.” Likewise, users should be immediately suspicious of emails that threaten account closures for failure to take immediate action to provide personal information.
At present, there have been no reports online or by Drupal of people seeing such emails.
“We would also like to acknowledge that we are conducting an investigation into the incident, and we may not be able to immediately answer all of the questions you may have. However, we are committed to transparency and will report to the community once we have an investigation report,” the advisory adds.
In addition to password resets, Drupal said they also they hardened Apache configurations, and created static copies of sites that were no longer going to receive feature or content updates to minimize maintenance.
Additional details are available here.
More from Steve Ragan
- Anonymous Claims Attack on IP Surveillance Firm Brickcom, Leaks Customer Data
- Workers Don’t Trust Employers with Personal Data: Survey
- Root SSH Key Compromised in Emergency Alerting Systems
- Morningstar Data Breach Impacted 184,000 Clients
- Microsoft to Patch Seven Flaws in July’s Patch Tuesday
- OpenX Addresses New Security Flaws with Latest Update
- Ubisoft Breached: Users Urged to Change Passwords
- Anonymous Targets Anti-Anonymity B2B Firm Relead.com
Latest News
- Big China Spy Balloon Moving East Over US, Pentagon Says
- Former Ubiquiti Employee Who Posed as Hacker Pleads Guilty
- Cyber Insights 2023: Venture Capital
- Atlassian Warns of Critical Jira Service Management Vulnerability
- High-Severity Privilege Escalation Vulnerability Patched in VMware Workstation
- Exploitation of Oracle E-Business Suite Vulnerability Starts After PoC Publication
- China Says It’s Looking Into Report of Spy Balloon Over US
- GoAnywhere MFT Users Warned of Zero-Day Exploit
