Information Security News
mailing list archives
Drupal resets account passwords after detecting unauthorized access
From: InfoSec News <alerts () infosecnews org>
Date: Thu, 30 May 2013 02:28:35 -0500 (CDT)
By John Ribeiro
IDG News Service
May 29, 2013
Drupal.org has reset account passwords after it found unauthorized
access to information on its servers.
The access came through third-party software installed on the Drupal.org
server infrastructure, and was not the result of a vulnerability within
Drupal, the open source content management software provider said in a
security update late Wednesday on its website.
The information exposed includes user names, email addresses, and
country information, as well as hashed passwords. The breach has
affected user account data stored on Drupal.org and groups.drupal.org,
and not on sites running Drupal software. Drupal.org is the
volunteer-run home of the Drupal project, which keeps track of the
Drupal code and contributed work, while Drupal Groups is used by the
community to organize and plan projects.
Investigations are still going on and Drupal may learn about other types
of information that may have been compromised, wrote Holly Ross,
executive director of (Drupal Association, which maintains the
Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!
- Drupal resets account passwords after detecting unauthorized access InfoSec News (May 30)