Drupal resets account passwords after detecting unauthorized access

[InfoSec News <alerts () infosecnews org>]

https://www.computerworld.com/s/article/9239613/Drupal_resets_account_passwords_after_detecting_unauthorized_access

By John Ribeiro
IDG News Service
May 29, 2013

Drupal.org has reset account passwords after it found unauthorized 
access to information on its servers.

The access came through third-party software installed on the Drupal.org 
server infrastructure, and was not the result of a vulnerability within 
Drupal, the open source content management software provider said in a 
security update late Wednesday on its website.

The information exposed includes user names, email addresses, and 
country information, as well as hashed passwords. The breach has 
affected user account data stored on Drupal.org and groups.drupal.org, 
and not on sites running Drupal software. Drupal.org is the 
volunteer-run home of the Drupal project, which keeps track of the 
Drupal code and contributed work, while Drupal Groups is used by the 
community to organize and plan projects.

Investigations are still going on and Drupal may learn about other types 
of information that may have been compromised, wrote Holly Ross, 
executive director of (Drupal Association, which maintains the 
Drupal.org site.

[...]


______________________________________________
Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!
http://www.shopinfosecnews.org