Drupal Resets Passwords After Server Breach Discovery
The security team of the popular Drupal open-source content management system detected suspicious files on its servers, indicating that attackers had compromised the systems.The Drupal project, which manages development of the content management system of the same name, reset passwords for nearly 1 million users on May 29 after its security team discovered that the site had been compromised using a vulnerability in a third-party application. The project's security team found suspicious files during a security audit, which they continue to analyze, but decided to notify Drupal users that their information may have been leaked, Holly Ross, the executive director of the Drupal Association, said in a blog post. The information exposed by the breach included user names, e-mail addresses and hashed passwords, she said. "Upon discovering the files during a security audit, we shut down the association.drupal.org Website to mitigate any possible ongoing security issues related to the files," she wrote. "The Drupal Security Team then began forensic evaluations and discovered that user account information had been accessed via this vulnerability." Online attackers’ focus on Drupal is unsurprising. At least two other open-source content management platforms—Wordpress and Joomla—have been targeted by attackers intent on creating botnets out of high-bandwidth Web servers from which they can launch large distributed denial-of-service attacks against other sites. Among the high-profile sites that use Drupal are the Websites of the White House and the Economist. The project does not believe that any of its code has been impacted by the compromise.
"We have no evidence to suggest that an unauthorized user modified Drupal core or any contributed projects or packages on Drupal.org," Ross said. "Software distributed on Drupal.org is open source and bundled from publicly accessible repositories with log histories and access controls."