Home page logo
/

isn logo Information Security News mailing list archives

Drupal resets account passwords after detecting unauthorized access
From: InfoSec News <alerts () infosecnews org>
Date: Thu, 30 May 2013 02:28:35 -0500 (CDT)

https://www.computerworld.com/s/article/9239613/Drupal_resets_account_passwords_after_detecting_unauthorized_access

By John Ribeiro
IDG News Service
May 29, 2013

Drupal.org has reset account passwords after it found unauthorized access to information on its servers.

The access came through third-party software installed on the Drupal.org server infrastructure, and was not the result of a vulnerability within Drupal, the open source content management software provider said in a security update late Wednesday on its website.

The information exposed includes user names, email addresses, and country information, as well as hashed passwords. The breach has affected user account data stored on Drupal.org and groups.drupal.org, and not on sites running Drupal software. Drupal.org is the volunteer-run home of the Drupal project, which keeps track of the Drupal code and contributed work, while Drupal Groups is used by the community to organize and plan projects.

Investigations are still going on and Drupal may learn about other types of information that may have been compromised, wrote Holly Ross, executive director of (Drupal Association, which maintains the Drupal.org site.

[...]


______________________________________________
Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!
http://www.shopinfosecnews.org

  By Date           By Thread  

Current thread:
  • Drupal resets account passwords after detecting unauthorized access InfoSec News (May 30)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]