The Linux Foundation taken offline following security breach
On or around August 12 the servers used to maintain and distribute the Linux
operating system were compromised. No one noticed for over two weeks allowing
malware to fill those servers accessed through kernel.org. Since then kernel.org has
been down for maintenance as site administrators try to understand how the attack
was possible and what damage it did.
Now it seems the breach has extended beyond kernel.org. On September 8 a new
breach was discovered across The Linux Foundation‘s group of sites. That includes
LinuxFoundation.com and Linux.com, and any subdomains those sites run.
If you visit either domain at the moment you will be presented with a message explaining
what has happened. The decision to take all servers offline was done in the “interest of
extreme caution and security best practices.”
If you were a member, or have an account on The Linux Foundation or Linux.com sites,
then expect to be receiving an email shortly. The breach is thought to have compromised
usernames, email addresses, passwords, and any personal information stored with the account.
The advice being given is to check the password you used with that account is not being
used for other logins in use. If it is, then change the password immediately for those accounts.
The services offered by The Linux Foundation, which include Linux.com,
Open Printing, and Linux Mark, will be restored as and when the breach has
been neutralized and new security measures put in place. I wouldn’t be
surprised to see a forced password reset happening in the coming days or weeks.
Subscribe to:
Post Comments (Atom)