The Drupal open-source group reset passwords after detecting unauthorized access to account information, according to a security update. The warning applies to users with data stored on Drupal.org and groups.drupal.org, and not to all sites running Drupal.
Hackers gained access to the data through third-party software on the server infrastructure. Information exposed includes user names, email addresses, country information, and hashed passwords. Though Drupal doesnâ€™t store credit card information, they recommended users to monitor their financial accounts as a precaution.
â€œWe are still investigating the incident and may learn about other types of information compromised, in which case we will notify you accordingly,â€ Drupal Association Executive Director Holly Ross said. â€œAs a precautionary measure, we’ve reset all Drupal.org account holder passwords and are requiring users to reset their passwords at their next login attempt.â€
Besides resetting passwords, Drupal also recommended users change their login details on other sites where they use similar passwords. They also told members to be cautious if they receive spam asking for personal details.
â€œIt is not our practice to request personal information by e-mail,â€ Drupal representatives said. â€œAlso, beware of emails that threaten to close your account if you do not take the â€˜immediate actionâ€™ of providing personal information.â€
Drupal is an open source software maintained and developed by a community of over 630,000 users and developers that allows people to organize, manage and publish their content.