9 of 15Image
In May this year, almost one million accounts were compromised and passwords were forced to be reset after hackers infiltrated Drupal.org's systems.
Drupal, which offers an open-source content management system (CMS) to power the back of websites, joins the ranks of Wordpress and Joomla as a popular option for millions of webmasters. However, on May 29, the security team wrote in a blog post that third-party software installed on Drupal.org servers allowed hackers to access the system. User account data on Drupal.org and groups.drupal.org were accessed, including usernames, email addresses and country information, as well as hashed passwords. The team said:
"Upon discovering the files during a security audit, we shut down the association.drupal.org website to mitigate any possible ongoing security issues related to the files. The Drupal Security Team then began forensic evaluations and discovered that user account information had been accessed via this vulnerability."
As a precaution, users of Drupal had to reset their login information. In addition, Drupal rebuilt its security systems, enhanced many servers with new security patches, and added antivirus to scanning routines.
According to Drupal's website, 1,012,335 people in 229 countries currently use the system.
Washington State Court System Breach
In May this year, Washington State Court systems were infiltrated by hackers, exposing up to 160,000 Social security numbers.
The agency found that the website of the Washington State Administrative Office of the Courts (AOC) was accessed unlawfully through third-party software installed on the network. Up to 160,000 social security numbers and the details of one million driver's licenses may have been downloaded and accessed, although only 94 Social security numbers were confirmed as stolen.
Mike Keeling, information technology operations and maintenance manager for the court system, told reporters on a conference call:
"The access occurred through a 'back door' part of a commercial software product we were using, and it is patched now. We found specific (hacker) footprints in the area where those 94 Social Security numbers were located, so that's why we're reasonably sure that the data was accessed."
Government officials said that Social security numbers and of those booked into a city or county jail in the state from September 2011 to December 2012, and those who received a DUI from 1989 to 2011 were potentially at risk.
In May, Yahoo! Japan detected unauthorized access in the administrative panel of the Yahoo! Japan web portal, and suspected up to 22 million user IDs may have been stolen as a result.
The access attempt, which took place at roughly 9pm on May 16 this year, did not include passwords or the data necessary to reset them. In a blog post apologizing for the breach, Yahoo! Japan said:
"We don't know if the file (of 22 million user IDs) was leaked or not, but we can't deny the possibility given the volume of traffic between our server and external" terminals."
Yahoo! has a 35 percent stake in the company.