14 DAY TRIAL // The Linux Mint bad news keeps on coming. After a website hack that tricked users into downloading a fake Linux Mint ISO with a backdoor, now the developers are also warning users to change their passwords for the forums.
It was revealed yesterday that the Linux Mint website was hacked, and users were redirected to download a modified Linux Mint 17.3 Cinnamon Edition that was infected with a trojan named TSUNAMI. As if this wasn't bad enough, the hackers also gained access to the forums database, which means only one thing. People really need to change their passwords.
In fact, earlier today the forum database (Linuxmint.com shell, php mailer, and full forum dump) was made available for purchase for the measly sum of $85. As our colleague already explained in much greater detail, this is a really small sum and the entire operation seems weird.
The trojan was really old, and they could have chosen much better tools for their dastardly plans, and selling the database for 85$ is, at least, weird. The only good explanation is that they just wanted to make it clear that the website was exposed.
Forums database compromised, new passwords required
Pretty much everything that's related to the forums has been compromised. The only consolation is that the user's password was encrypted, but we all know that the protection can only last so long if they put their mind to it.
“It was confirmed that the forums database was compromised during the attack led against us yesterday and that the attackers acquired a copy of it. If you have an account on forums.linuxmint.com, please change your password on all sensitive websites as soon as possible,” the leader of the Linux Mint project, Clement Lefebvre revealed.
This is what was affected: the forum usernames, the passwords (encrypted), email addresses, any information in the signature, profile and so on, and any information posted on forums, including private messages and private topics. It's pretty much everything.