Drupal.org hacked – nearly million users affected


Drupal.org Security identified unauthorized access to user information on Drupal.org website and groups.drupal.org subsite, which affected nearly one million user accounts. Drupal is one of the leading content management platform for medium and large scale websites. Drupal said in their online blog that they currently have no idea who might be behind the attack – and that the hackers obtained access to usernames, email addresses, and hashed passwords. Drupal took an immediate action by resetting password for every user on their system who were affected. Those users will need to confirm their email addresses and make new passwords before regaining access.

Drupal also emphasized on their website that this only affected users who were using Drupal.org and groups.drupal.org, and that it doesn’t affect any websites using their Drupal CMS platform. They’ve posted a very detailed FAQs here about this incident and will be updating it as they investigate.