Drupal.org Hacked, Resets All Passwords After Account Details Exposed

David Roe

Web content management platform provider Drupal.org has advised its users to reset their passwords after admitting it had been hacked. There were no specifics offered on exactly when the hack had taken place nor how many accounts were compromised, but according to some reports it may impact nearly one million user accounts.

Drupal.org Hacked

It seems that the user accounts of groups.drupal.org have also been compromised. This is a sub-site of the main platform that enables users to establish groups in the real world for real meet-ups.

Details of the hack were publicized in the past 24 hours by Drupal, which posted an announcement on its site along with a FAQ outlining what users need to know and what they should do.

According to the post, the breach was discovered during a routine security check. The post says the hack was accomplished through third-party software that was installed on the site and was not the result of a vulnerability in Drupal itself.

This must provide some relief for Drupal, but doesn’t really help users that much. The post also points out that the hack only affects those who have user account data stored on Drupal.org and the Groups site, and not sites that are running Drupal generally.

The post also outlines the kind of content that may have been compromised. The exposed information includes usernames, email addresses, country information and hashed passwords.

It also underlines that it does not keep financially sensitive information like account details, credit card details or any other kind of banking details on the platform, so these should be safe too.


Drupal.org Response

In response, Drupal says it has reset all passwords and that users should go to the platform as soon as possible and change the passwords again. The post also outlines how to do this.

Drupal says that it has no idea who actually carried out the attack and that it has started a forensic investigation into the incident. It also says it will release more details about the attack when it deems it appropriate.

In the meantime it has introduced a number of changes to head off any other attacks, including a complete scan of the platform to see whether any other malicious files are present (so far none have been found).

It is also completely rebuilding its production, staging and development server and has created static archives for older sites for specific events.

It seems hacking is taking on a new fever and no one is exempt from those who seem inclined to wreak havoc across the Internet.