Linux Australia, an organization representing open-source and free software user groups, revealed that one of its servers was hacked. The personal details of conference attendees might have been accessed.
According to the organization, only personal data, including the names, street addresses, phone numbers and email addresses of delegates for Linux Australia conferences and PyCon, was exposed in the server breach. No financial data was exposed because the conferences use a third-party payment system.
The server was attacked on March 22, but Linux Australia only discovered the breach on March 24, after the conference management software Zookeepr started sending a large number of error-reporting emails.
The attackers exploited an unknown vulnerability to trigger a remote buffer overflow and obtain full control of the server hosting the information, installing a remote access tool and then botnet command-and-control software.
Joshua Hesketh, Linux Australia’s president, wrote: “It is the assessment of Linux Australia that the individual utilised a currently unknown vulnerability to trigger a remote buffer overflow and gain root level access to the server. A remote access tool was installed, and the server was rebooted to load this software into memory. A botnet command and control was subsequently installed and started. During the period the individual had access to the Zookeepr server, a number of Linux Australia’s automated backup processes ran, which included the dumping of conference databases to disk.”
In response to the incident, Linux Australia decommissioned the compromised server and announced improvements to its architecture and security.