Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 internet speed test! ×

Submission + - Drupal.org user accounts compromised (drupal.org)

An anonymous reader writes: The Drupal.org team released a bulletin this evening notifying users of a breach in their infrastructure. From the bulletin:

The Drupal.org Security Team and Infrastructure Team has discovered unauthorized access to account information on Drupal.org and groups.drupal.org. This access was accomplished via third-party software installed on the Drupal.org server infrastructure, and was not the result of a vulnerability within Drupal itself. This notice applies specifically to user account data stored on Drupal.org and groups.drupal.org, and not to sites running Drupal generally. Information exposed includes usernames, email addresses, and country information, as well as hashed passwords... All Drupal.org passwords are both hashed and salted, although some older passwords on some subsites were not salted

Users are encouraged to update their Drupal.org passwords and the passwords of any accounts that could be linked via the compromised information.

This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Drupal.org user accounts compromised

Comments Filter:

Not only is UNIX dead, it's starting to smell really bad. -- Rob Pike

Working...