1. Home
  2. Forums Index
  3. Server Side / Content Management 2:56 am May 21, 2026

Forum Moderators: open

Message Too Old, No Replies

Change your drupal.org passwords

         

JohnRoy

11:33 pm on May 29, 2013 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Unauthorized access to account information was discovered on Drupal.org and groups.drupal.org.

From drupal.org/news/130529SecurityUpdate

What happened?

Malicious files were placed on association.drupal.org servers via a third-party application used by that site. Upon discovering the files during a security audit, we shut down the association.drupal.org website to mitigate any possible ongoing security issues related to the files. The Drupal Security Team then began forensic evaluations and discovered that user account information had been accessed via this vulnerability.

ergophobe

3:32 am on May 30, 2013 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Thanks for the heads up - this is why I use random auto-generated passwords on most sites. If someone cracks my password, it's only for one site.

explorador

3:19 pm on May 30, 2013 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Thanks, I got the email.

I understand the problem is not related to Drupal but to the accounts we might have at Drupal.org, so Drupal installs are safe as yesterday or a week ago.

incrediBILL

3:52 pm on May 30, 2013 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Oh look, they're jealous of all the WordPress hacks and had to go get one for themselves!

rollinj

5:54 pm on May 30, 2013 (gmt 0)

10+ Year Member



@ergophobe you and me both, buddy!

ergophobe

6:09 am on May 31, 2013 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



"Drupal installs are safe"

True, this is not news about a vulnerability in Drupal per se, but that does not imply that Drupal installs are safe or unsafe, merely that the Drupal.org website got hacked in some unknown way.

As in "Bob crashed his Ford because he was drunk, so my car is safe." Maybe, maybe not ;-)

4serendipity

8:26 pm on Jun 2, 2013 (gmt 0)

10+ Year Member



I understand the problem is not related to Drupal but to the accounts we might have at Drupal.org, so Drupal installs are safe as yesterday or a week ago.


One thing that I really like about drupal is how well the security team and other members of the community communicate issues.
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. Server Side / Content Management 2:56 am May 21, 2026