The security team behind open source CMS Drupal has announced that unauthorised access was gained to account information on their website, Drupal.org.
The news may be a timely reminder for Australian organisations concerned about their ICT security to step up their vulnerability management to prevent similar incidents occurring.
In a blog post published May 29, Drupal executive director Holly Ross announced that their security team and infrastructure team had discovered the unauthorised access, which was accomplished using third-party software installed on the Drupal.org server.
As a result, personal account holder information such as usernames, email addresses, hashed passwords and country information was exposed, prompting a reset of all user passwords.
"Upon discovering the files during a security audit, we shut down the association.drupal.org website to mitigate any possible ongoing security issues related to the files," the blog post reads.
"The Drupal security team then began forensic evaluations and discovered that user account information had been accessed via this vulnerability."
Security audits can be very helpful in picking up potential flaws such as this before they can be exploited against your company.
Securus Global is highly experienced at undertaking comprehensive security assessments for organisations, using penetration testing to help identify and resolve any gaps in the security of your ICT networks.