The developers of the advanced purely-functional programming language Haskell are investigating a data breach identified by the organization’s hosting provider.
Haskell informed users on Saturday via its status page that the domain for Debian packages, deb.haskell.org, had been taken offline following reports of suspicious activity. On Sunday, Haskell confirmed that deb.haskell.org was compromised on February 12, when anomalies were detected in outgoing traffic.
“‘deb.haskell.org` was already offline and suspended shortly after these traffic changes were detected by the host monitoring system, meaning the window for package compromise was very very small. We’re continuing to investigate the breach and the extent to which it might have spread,” Haskell noted.
For the time being, it appears that only the Debian builds are affected. The Web server, the download server, the community infrastructure, mail, wiki, Git repositories, MySQL and other components are not affected, according to Haskell’s status page.
Haskell has several data centers across the world. However, it seems only the Rackspace ORD data center, located in Chicago, is impacted by the security breach.
So far, Haskell hasn’t provided too many details on the data breach and some users are wondering if the attackers might have gained access to package signing keys.
The programming language, which allows developers to rapidly create robust and concise software, was launched 25 years ago. Haskell comes with built-in concurrency and parallelism, profilers, debuggers, rich libraries, and it offers strong support for integration with other languages.
The project is sponsored by organizations such as Rackspace, Galois, DataDog, Fastly, and DreamHost.
