Once again a big website hacked. This time, it was Drupal.org, website of popular content management system. Number of affected accounts was not announced, but it appears that more than one million accounts are affected.
Drupal has already started sending emails to affected users and forcing them to change password. If you are one of the affected users, you will receive email about this and you will have to change your password before regaining access to your drupal account.
At thie moment, Drupal has no idea who might be behind this hacking attempt. Hackers had gained access to username, email addresses and passwords. Good news is that password were stored in hash. But they are still investigating to know about other types of information compromised.
Drupal said that they never store credit card detail on their server. But they are trying to investigate whether any malicious code put on the server to intercept data.
Drupal confirms that the unauthorized access was made via third party software installed on the server. They are said that it was the result of Drupal vulnerability. If you are using Drupal for your websites, you do not need to worry about this.
“Unauthorized access was made via third-party software installed on the Drupal.org server infrastructure, and was not the result of a vulnerability within Drupal itself. We have worked with the vendor to confirm it is a known vulnerability and has been publicly disclosed. We are still investigating and will share more detail when it is appropriate,” Drupal confirms.
Keep an eye on Drupal’s announcement for more details or keep visiting Techlomedia.
