Linux Mint website hacked and .iso's compromised

[Derek891]

Just a warning to anyone who downloaded a Linux Mint 17.3 Cinnamon .iso file yesterday (Feb. 20,2016). Users were unknowingly redirected to another site and downloaded an .iso that was altered. It contains a backdoor to allow unauthorized access by hackers.

 

http://news.softpedia.com/news/linux-mint-website-hacked-users-pointed-to-download-isos-with-backdoors-in-them-500707.shtml

 

http://news.softpedia.com/news/linux-mint-website-hack-a-timeline-of-events-500719.shtml

 

1.) Delete the .iso and do not use it.

 

2.) If you did use the .iso to install the OS, then you should erase the disk using Ccleaner's disk wipe function or some other utility that does a sector-by-sector disk wipe.

[hazelnut]

Note the forum was also hacked 

 

http://blog.linuxmint.com/?p=3001

 

Will make a lot of people wary of downloading ISO's now.

[Andavari]

Will make a lot of people wary of downloading ISO's now.

 

No more weary than downloading anything really, virus scan everything downloaded and preferably with more than just one anti-virus/anti-malware solution.

[hazelnut]

Just a note that the database of the entire Linux Mint forum was being sold online for $85 in mid January, yet it took them until a couple of days ago to realise they had been hacked.

 

''We’re software developers not intrusion experts'' is not a comment you want to see really as most online servers are linux based.

[login123]

I found out one of my email accounts had been compromised by the Mint hack. 

You can check yours here, just enter your address. 

https://haveibeenpwned.com/

Looks like this if they got'cha: 

 

 

[Derek891]

The blog is still up: http://blog.linuxmint.com/

 

And Clem posted this yesterday:

 

It was confirmed that the forums database was compromised during the attack led against us yesterday and that the attackers acquired a copy of it. If you have an account on forums.linuxmint.com, please change your password on all sensitive websites as soon as possible.

The database contains the following sensitive information:

• Your forums username
• An encrypted copy of your forums password
• Your email address
• Any personal information you might have put in your signature/profile/etc…
• Any personal information you might written on the forums (including private topics and private messages)

People primarily at risk are people whose forums password is the same as their email password or as the password they use on popular or sensitive websites. Although the passwords cannot be decrypted, they can be brute-forced (found by trial) if they are simple enough or guessed if they relate to personal information.

 

Out of precaution we recommend all forums users change their passwords.

 

While changing your passwords, please start with your email password and do not use the same password on different websites.

[login123]

I went to gmail to change the password and could not do so.  Tried every suggestion at least twice. 

Just got a red popup saying "Sorry, we could not change your password."

 

Then turned off uBlock Origin for the sites and the password changed on the first try. 

Who KNOWS this stuff?  Does everybody just sort of guess (like I did), or what? 

 

I am getting weary of being wary. < < Yuk yuk. 

[rridgely]

At this point your lucky if one of the websites you use hasn't been hacked. 

I just make sure I use 2 factor authentication everywhere and change my passwords regularly.