The following message was sent to all account users:
And this topic is dedicated to their queries and questions.
Hello,
You are receiving this message because you have an account registered on forums.linuxmint.com:
Username: USERNAME
Email: EMAIL
The Linux Mint forums software was compromised by an external attacker. As a result, the attacker has gained access to read your username, email address and an encrypted (hashed and salted) copy of your password from the forum database.
If you have used this password and email address to authenticate at any other website, you are urged to reset the password on those accounts immediately as the attacker may be able to use the compromised personal information to access these other accounts. It is important to have a distinct password for different accounts.
Please also take the time to change your forums.linuxmint.com account password.
For any queries or questions related to this incident, please visit the following topic:
viewtopic.php?f=60&t=217506
We apologize for any inconvenience to the Linux Mint community. Thank you for your understanding.
The Linux Mint administration team.
FAQ
Can the hackers decrypt my password?
No, but they can "find" it by brute force, using a tool that hashes millions of common keywords and passwords and compares each result with your hashed password.
How long would it take for the hackers to decrypt my password?
The passwords are hashed and salted, but that only slows the attackers down if your password is complex. Depending on its complexity, it can take from a few seconds to thousands of years.
When were the forums hacked?
An attack was detected on Feb 20th. During the analysis of the intrusion, it was later confirmed that an earlier attack on Feb 18th had gone undetected.
According to sources and interviews of the attackers, the first attack was on Jan 20th. However, we could not confirm this information.
According to haveibeenpwned.com, 51% of the accounts had already had their details, email or passwords leaked in previous attacks on other websites.
To check, please visit: https://haveibeenpwned.com
How were the forums hacked?
Through a lack of hardening on the server. The hackers used the forums software to upload a PHP backdoor which gave them a local www-data shell. From there they were able to access the database.
What is being done to prevent this in the future?
One key aspect is the uniqueness and the complexity of the passwords. If your password is complex, it's harder to crack. If your password is unique, it doesn't matter that much if it gets cracked.
This attack raised awareness and hopefully will make our users use unique passwords.
The settings were modified on the forums and they now require stronger passwords.
On the servers themselves, the team worked day and night to harden as many aspects as possible. Each website is now running on its very own server. All websites are now behind a strict firewall and the presence of malware is monitored by a security firm. Many restrictions were placed on Apache and PHP to restrict their scope and privileges. All automated backups were reviewed. HTTPS was implemented to prevent man-in-the-middle attacks.
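
To illustrate the FAQ answers on hashed and salted passwords, here is an added example (not part of the original announcement and not the forum software's code) of a password audit over stored hashes. It shows that a per-user salt makes identical passwords hash differently but does not hide a common password, while a long random one stays out of reach. PBKDF2-HMAC-SHA256, the iteration count, the accounts, the word list and the rate of 1e9 guesses per second are all assumptions made for the demonstration.

```python
import hashlib
import hmac
import os

ITERATIONS = 10_000  # assumed work factor, kept low so the demo runs quickly


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, deliberately slow hash (PBKDF2 is an assumption, see lead-in)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_record(password: str) -> dict:
    """What a database row would hold: a random per-user salt and the hash."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt)}


def audit(records: dict, common_passwords: list) -> dict:
    """Return {username: password} for rows whose password is on the list."""
    weak = {}
    for user, rec in records.items():
        # Every guess is re-hashed with this row's own salt: the salt defeats
        # precomputed tables, but a common password is still found quickly.
        for guess in common_passwords:
            if hmac.compare_digest(hash_password(guess, rec["salt"]), rec["hash"]):
                weak[user] = guess
                break
    return weak


def years_to_exhaust(alphabet_size: int, length: int, guesses_per_second: float) -> float:
    """Worst-case time to try every password of this length and alphabet."""
    return alphabet_size ** length / guesses_per_second / (3600 * 24 * 365)


# Constructed sample data: three hypothetical accounts and a tiny word list.
RECORDS = {
    "alice": make_record("password1"),
    "bob": make_record("password1"),          # same password as alice
    "carol": make_record("t7#Vq9!mZr2&Lx"),   # long, random, unique
}
COMMON = ["123456", "qwerty", "password1", "letmein"]

if __name__ == "__main__":
    print(audit(RECORDS, COMMON))             # alice and bob found, carol not
    print(RECORDS["alice"]["hash"] != RECORDS["bob"]["hash"])  # salts differ
    print(years_to_exhaust(26, 6, 1e9), years_to_exhaust(94, 14, 1e9))
```

The last line contrasts six lowercase letters with fourteen printable ASCII characters, which is the "few seconds to thousands of years" range the FAQ describes.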