Linux Mint Users Compromised After Hack

Linux distributor 'Linux Mint' warned users over the weekend that it has been hacked, exposing users to a malicious backdoor and compromising sensitive customer information.

Project leader Clement Lefebvre explained in a blog post that the attacker made a modified Linux Mint ISO, with a backdoor in it, and then hacked the distributor’s website to point to it.

Only the Linux Mint 17.3 Cinnamon edition is thought to have been affected, and only for those who downloaded it on 20 February; users who downloaded it via torrents or a direct HTTP link aren’t at risk.

Lefebvre urged anyone who thinks they are affected to delete the offending ISO, back up any data on their PC, reinstall the OS or format the partition, and change any passwords for sensitive sites.

On top of that, the Linux Mint team also discovered that the same hacker had compromised its forums database.

This means user names, encrypted passwords, email addresses and potentially other sensitive personal information have been exposed.

“People primarily at risk are people whose forums password is the same as their email password or as the password they use on popular or sensitive websites. Although the passwords cannot be decrypted, they can be brute-forced (found by trial) if they are simple enough or guessed if they relate to personal information,” Lefebvre explained.

“Out of precaution we recommend all forums users change their passwords.”

The backdoor apparently connects to a domain hosted in Sofia. Linux Mint said it doesn’t know the motivation behind the attack, although ZDNet claims to have spoken to the hacker.

The individual, going by the alias ‘Peace,’ claimed to be in control of a few hundred Linux installs and to have already put the stolen information up for sale on the darknet, with the data dump going for around $85.
