The leader of the Linux Mint project, one of the more popular Linux distributions for the desktop, has revealed the project's website was attacked. In two separate posts to the project's blog, Clement Lefebvre wrote that the damage to the project includes a compromised ISO for Linux Mint 17.3 Cinnamon edition and a stolen forums database.
The linuxmint.com domain remained down until earlier today, and now the blog.linuxmint.com subdomain isn't responding. The previously linked blog posts were viewed via Google's site cache.
To compromise the Cinnamon edition ISO, the attackers inserted a bogus link on the site's download page pointing to a custom ISO containing a backdoor. Both the link and the backdoor point to a source in Sofia, Bulgaria. It isn't clear whether the MD5 checksum listed on the download page for the ISO was also altered, but the blog post says the valid checksums are as follows:
6e7f7e03500747c6c3bfece2c9c8394f linuxmint-17.3-cinnamon-32bit.iso e71a2aad8b58605e906dbea444dc4983 linuxmint-17.3-cinnamon-64bit.iso 30fef1aa1134c5f3778c77c4417f7238 linuxmint-17.3-cinnamon-nocodecs-32bit.iso 3406350a87c201cdca0927b1bc7c2ccd linuxmint-17.3-cinnamon-nocodecs-64bit.iso df38af96e99726bb0a1ef3e5cd47563d linuxmint-17.3-cinnamon-oem-64bit.iso
The stolen forums database includes potentially sensitive information such as private topics and messages. Lefebvre says forum passwords were encrypted, but he advises all forum members to change their password. Anyone using the same or similar passwords in other domains should change those, too.
It isn't immediately clear how the server was compromised, but The Hacker News suggests it may have been through the site's WordPress blog.