Today, The Drupal.org Security Team has discovered unauthorized access to account information on Drupal.org and groups.drupal.org.
The announcement went onto say “This access was accomplished via third-party software installed on the Drupal.org server infrastructure, and was not the result of a vulnerability within Drupal itself”. The data that was accessed includes usernames, emails, country information and hash passwords. All Drupal.org passwords are both hashed and salted, although some older passwords on some subsites were not salted.
To rest your Drupal password, the team has provided these steps:
- Go to https://drupal.org/user/password
- Enter your username or email address.
- Check your email and follow the link to enter a new password.
- It can take up to 15 minutes for the password reset email to arrive. If you do not receive the e-mail within 15 minutes, make sure to check your spam folder as well.
You can read more on this incident here.