Drupal.org hackat, byt ditt lösenord nu (tusentals konton drabbade)

Jag fick ett mail nu på morgonen som jag först trodde var ännu ett bluffmejl. Det visade sig dock handla om att Drupal.org blivit hackat och det bekräftas av TechCrunch.

Dear community member,
We respect the privacy of your information, which is why, as a precautionary measure, we are writing to let you know about an incident that involves your personal information. The Drupal.org Security and Infrastructure Teams have discovered unauthorized access to account information on Drupal.org and groups.drupal.org. Information exposed includes usernames, email addresses, and country information, as well as hashed passwords. However, we are still investigating the incident and may learn about other types of information compromised, in which case we will notify you accordingly.

This unauthorized access was made via third-party software installed on the Drupal.org server infrastructure, and was not the result of a vulnerability within the Drupal software itself. This notice applies specifically to user account data stored on Drupal.org and groups.drupal.org, and not to sites running Drupal generally.

Det ska inte röra sig om en sårbarhet i själva Drupal utan bero på tredje-parts mjukvara installerad på de servrar där Drupal.org driftas. Användarnamn, e-postadresser och hashade lösenord är på drift, och om du har konto på Drupal.org (som jag har) bör du genast begära ett nytt lösenord (länk till https://drupal.org/user/password).