"Early this morning we discovered that someone had managed to compromise gluck.debian.org," Debian developer James Troup wrote in an e-mail to the Debian community shortly before 4am AEST.
"We've taken the machine offline and are preparing to reinstall it," Troup continued, noting a number of key services were currently offline as a result.
The developer said Debian had initiated a security lock-down on most of its other servers, enforcing limited access to the resources.
"We're still investigating exactly what happened and the extent of the damage. We'll post more info as soon as we reasonably can," Troup said.
Troup added Debian would commence securing its other servers from "what we suspect is the exploit used to compromise gluck".
The embarassing security breach is not the first for Debian.
In November 2003 several of Debian's servers were similarly compromised and pulled offline. Troup was also one of the key developers investigating that incident.
ZDNet Australia has requested comment from the Debian Project about this morning's security breach.