14 DAY TRIAL // Opscode, the company that develops the Chef software configuration management tool, has started warning users that their personal details have been compromised.
According to the company, cybercriminals gained access to the tickets.opscode.com and wiki.opscode.com user database by exploiting a vulnerability in the third-party software that runs the ticketing and wiki systems.
The database in question stores usernames, email addresses, names and hashed passwords. While the PBKDF2 hashes are difficult to crack, the company has decided to force customers to change their passwords as a precaution.
“We are still investigating this breach; however, there is currently no evidence that any other systems were impacted or that other data was compromised,” the company stated.
It added, “This does not directly impact your Hosted Chef data or accounts.”
The breach was detected by Opscode’s security monitoring systems. As soon as the incident was discovered, the impacted systems were isolated and forensic data was secured.
The company promises to provide additional details once they become available.