Drupal.org andgroups.drupal.org Hacked via Third-Party App, login credentials of users compromisedAccording to an announcement from one of the Drupal representative The Drupal security Team has discovered unauthorized access to account information on Drupal.org and groups.drupal.org.
They also mentioned the unauthorized access to account information was from a third-party software installed on the Drupal.org server infrastructure, and was not the result of a vulnerability within Drupal itself.Sites running Drupal are not affected and theres no evidence that credit card numbers have been intercepted.Information exposed includes usernames, email addresses, and country information, as well as hashed passwords.Drupal have resetted all passwords, which can be seen by users when they are trying to login.
Here is how drupal said to reset the password,A user password can be changed at any time by taking the following steps.
All Drupal.org passwords are both hashed and salted, although some older passwords on some subsites were not salted.Although there is no evidence that card numbers may have been intercepted, but drupal security team are still investigating the incident.
Read More
source: www.techworm.net
