Backdoored downloads not full extent of problem
A hack against Linux Mint over the weekend that meant surfers were invited to download a copy of the open source distro that came contaminated with a backdoor has also affected the organisation’s forums.
As previously reported, hackers made a modified Linux Mint ISO before hacking its website with a link to the compromised code.
The breach was quickly detected.
It only affected those who downloaded Linux Mint 17.3 Cinnamon edition on Saturday, 20 February.
Hackers planted a malicious PHP script that redirected surfers to an imposter site hosted backdoored copies of the popular Linux distribution, as explained here.
The official Linux Mint software repository was not affected.
Nonetheless, downloads were suspended while developers sorted out the resulting mess.
By Sunday Linux Mint had been able to confirm that its forums database was compromised during the same attack. Users with an account on forums.linuxmint.com were advised to change their passwords. Potentially leaked info included email addresses, private message sent through the forum, forums username and an “encrypted copy of your forums password”.
“People primarily at risk are people whose forums password is the same as their email password or as the password they use on popular or sensitive websites,” Clem Lefebvre, creator of the Linux Mint distribution warned in a blog post. “Although the passwords cannot be decrypted, they can be brute-forced (found by trial) if they are simple enough or guessed if they relate to personal information.”
While changing your passwords, please start with your email password and do not use the same password on different websites, Linux Mint advised.
A hacker is offering to sell what purports to be Linux Mint’s full website’s database online for $85.
Peace, the hacker who made the listing, claims he was also behind the hack on Linux Mint, which he told ZDNet was chiefly designed to seed a botnet infection. He claimed a “few hundred” victims.
The attach attempted to turn compromised machines into drones within the Tsunami botnet. ®
Sponsored: Building secure multi-factor authentication