Drupal website hack prompts password reset

Drupal.org falls victim to hackers, resulting in new passwords for users.

Hackers have gained unauthorised access to the user names, email addresses and passwords of a number of Drupal.org users.

The open source online content management firm's security and infrastructure team confirmed the website breach in a blog post last night, and stressed that websites running on its platform should not be affected.

"The Drupal.org security team and infrastructure team has discovered unauthorised access to account information on Drupal.org and groups.drupal.org," the blog post states.

"This access was accomplished via third-party software installed on the Drupal.org server infrastructure, and was not the result of a vulnerability within Drupal itself."

The platform itself is used to underpin blogs and enterprise applications, while the groups.drupal.org arm is where its users can congregate to work or receive support for their Drupal-based projects.

The blog post also confirmed that all Drupal.org account holders have had their passwords changed as a precautionary measure.

"Information exposed includes usernames, email addresses, country information, as well as hashed passwords. However, we are still investigating the incident and may learn about other types of information compromised, in which case we will notify you accordingly," the post continued.

The company said it has no information to share at the moment about the identity of the attackers, but assured users it was doing all it can to prevent something similar happening again.

For instance, the company has introduced a number of infrastructure and application changes that have seen it "harden" its Apache web server configurations and introduce an anti-virus scanner that looks for malicious files being uploaded to the Drupal.org servers.

Further to this, it has also advised users to be on their guard against phishing attacks in the wake of the hack.

"Beware of emails that threaten to close your account if you do not take the 'immediate action' of providing personal information," the post added.

"We do not store credit card information, [so] as a precaution we recommend you closely monitor your financial accounts if you made a transaction on association.drupal.org or if you use a password with your financial institution that is similar to your [one for] Drupal.org."
