Thursday, May 30, 2013 hacked you need to change passwords

The security department discovered unauthorized access to the user database and

Hacking is associated with vulnerability to third-party software that was installed on the server, rather than the most vulnerable in the content management system Drupal. So in that sense, users need not worry.

The problem is that by the attackers got the information about users, including usernames, emails are, country of residence (specified at registration) and hashed passwords. Who is going to investigate the incident and you may find that this is a partial list of the compromised information.

For users all the passwords were stored in hashed form with individual salt for each password. Although the attackers were, and hashes, and salt, but they will not be able to quickly decipher much of hashes by comparison with rainbow tables. Each of the hashes should be processed separately.

Some of the old passwords and other sites in Drupal 6 hashes stored without the use of salt.

As a precaution, all users are asked to login the next time the system required to change the password on the site and other sites that use the same password.

You can change passwords at

No comments:

Post a Comment