Apache server suffers hack attack

An attack on Apache’s project server has resulted in passwords being stolen from all users.

Hack attack

Hackers have attacked the Apache Software Foundation's (ASF) project server and stolen the passwords of all its users.

The attack began on 5 April when hackers broke into Apache's Atlassian JIRA software used to track all its projects and any bugs that emerge.

They sent server admins a TinyURL link claiming they were having problems whilst browsing projects. When admins clicked on the link, it compromised their sessions and allowed the hackers to get hold of administrator rights.

By 9 April, the hackers had planted a password stealing programme and taken full control of JIRA, as well as Apache's Confluence and Bugzilla programmes.

"If you are a user of the Apache hosted JIRA, Bugzilla, or Confluence, a hashed copy of your password has been compromised," said a blog post from the Apache Infrastructure team.

It has warned users of any of these programs to change their passwords, especially if they logged in between 6-9 April.

It has also left those who had Atlassian accounts before July 2008 in danger as an old unencrypted database containing customer passwords was left online and could have been compromised.

"We made a big error," admitted Mike Cannon-Brookes, chief executive of Atlassian, in a blog post. "For this we are, of course, extremely sorry."

He added: "The legacy customer database, with passwords stored in plain text, was a liability. Even though it wasn't active, it should have been deleted. There's no logical explanation for why it wasn't, other than as we moved off one project, and on to the next one, we dropped the ball and screwed up."

Apache is running JIRA on a proxy configuration for the meantime and has made a number of changes to make the server safer.

"We hope our disclosure has been as open as possible and true to the ASF spirit," concluded the Apache blog. "Hopefully others can learn from our mistakes."

Featured Resources

Unlocking collaboration: Making software work better together

How to improve collaboration and agility with the right tech

Download now

Four steps to field service excellence

How to thrive in the experience economy

Download now

Six things a developer should know about Postgres

Why enterprises are choosing PostgreSQL

Download now

The path to CX excellence for B2B services

The four stages to thrive in the experience economy

Download now

Recommended

Hackers leak data from dark web marketplace
cyber security

Hackers leak data from dark web marketplace

9 Apr 2021
How to encrypt files and folders in Windows 10
encryption

How to encrypt files and folders in Windows 10

9 Apr 2021
The definitive guide to IT security
Whitepaper

The definitive guide to IT security

9 Apr 2021
Evidence suggests REvil behind Harris Federation ransomware attack
ransomware

Evidence suggests REvil behind Harris Federation ransomware attack

9 Apr 2021

Most Popular

Microsoft is submerging servers in boiling liquid to prevent Teams outages
data centres

Microsoft is submerging servers in boiling liquid to prevent Teams outages

7 Apr 2021
Hackers are using fake messages to break into WhatsApp accounts
instant messaging (IM)

Hackers are using fake messages to break into WhatsApp accounts

8 Apr 2021
How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

8 Apr 2021