Tuesday, March 5, 2019
Home / Security / Breaches / Drupal.org Breached, Reset your Passwords

Drupal.org Breached, Reset your Passwords

Today, The Drupal.org Security Team has discovered unauthorized access to account information on Drupal.org and groups.drupal.org.

The announcement went onto say “This access was accomplished via third-party software installed on the Drupal.org server infrastructure, and was not the result of a vulnerability within Drupal itself”.  The data that was accessed includes usernames, emails, country information and hash passwords.  All Drupal.org passwords are both hashed and salted, although some older passwords on some subsites were not salted.

To rest your Drupal password, the team has provided these steps:

  1. Go to https://drupal.org/user/password
  2. Enter your username or email address.
  3. Check your email and follow the link to enter a new password.
    • It can take up to 15 minutes for the password reset email to arrive. If you do not receive the e-mail within 15 minutes, make sure to check your spam folder as well.

You can read more on this incident here.

About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing. If you would like to write for the ZeroSecurity team, please use the contact form above.

Check Also

Silent OS 3.0 for Blackphone Completely revamped

Version 3.0 migrates Silent OS to Android Marshmallow 6.0.1 and delivers the Android safety patch …