Jump to content
CCleaner Community Forums

Linux Mint website hacked and .iso's compromised


Recommended Posts

Just a warning to anyone who downloaded a Linux Mint 17.3 Cinnamon .iso file yesterday (Feb. 20,2016). Users were unknowingly redirected to another site and downloaded an .iso that was altered. It contains a backdoor to allow unauthorized access by hackers.

 

http://news.softpedia.com/news/linux-mint-website-hacked-users-pointed-to-download-isos-with-backdoors-in-them-500707.shtml

 

http://news.softpedia.com/news/linux-mint-website-hack-a-timeline-of-events-500719.shtml

 

1.) Delete the .iso and do not use it.

 

2.) If you did use the .iso to install the OS, then you should erase the disk using Ccleaner's disk wipe function or some other utility that does a sector-by-sector disk wipe.

Start every day with a smile and get it over with. - W.C. Fields

Link to post
Share on other sites
  • Moderators

Note the forum was also hacked 

 

http://blog.linuxmint.com/?p=3001

 

Will make a lot of people wary of downloading ISO's now.

CCleaner documentation can be found here

https://www.ccleaner.com/docs/ccleaner

Support contact

https://support.piriform.com/hc/en-us/requests/new

support@ccleaner.com

 

Link to post
Share on other sites
  • Moderators

Will make a lot of people wary of downloading ISO's now.

 

No more weary than downloading anything really, virus scan everything downloaded and preferably with more than just one anti-virus/anti-malware solution.

Link to post
Share on other sites
  • Moderators

Just a note that the database of the entire Linux Mint forum was being sold online for $85 in mid January, yet it took them until a couple of days ago to realise they had been hacked.

 

''We’re software developers not intrusion experts'' is not a comment you want to see really as most online servers are linux based.

CCleaner documentation can be found here

https://www.ccleaner.com/docs/ccleaner

Support contact

https://support.piriform.com/hc/en-us/requests/new

support@ccleaner.com

 

Link to post
Share on other sites

I found out one of my email accounts had been compromised by the Mint hack. 

You can check yours here, just enter your address. 

https://haveibeenpwned.com/

Looks like this if they got'cha: 

 

 

The CCleaner SLIM version is always released a bit after any new version; when it is it will be HERE :-)

Pssssst: ... It isn't really a cloud. Its a bunch of big, giant servers.

Link to post
Share on other sites

The blog is still up: http://blog.linuxmint.com/

 

And Clem posted this yesterday:

 

It was confirmed that the forums database was compromised during the attack led against us yesterday and that the attackers acquired a copy of it. If you have an account on forums.linuxmint.com, please change your password on all sensitive websites as soon as possible.

The database contains the following sensitive information:

  • Your forums username
  • An encrypted copy of your forums password
  • Your email address
  • Any personal information you might have put in your signature/profile/etc…
  • Any personal information you might written on the forums (including private topics and private messages)

People primarily at risk are people whose forums password is the same as their email password or as the password they use on popular or sensitive websites. Although the passwords cannot be decrypted, they can be brute-forced (found by trial) if they are simple enough or guessed if they relate to personal information.

 

Out of precaution we recommend all forums users change their passwords.

 

While changing your passwords, please start with your email password and do not use the same password on different websites.

Start every day with a smile and get it over with. - W.C. Fields

Link to post
Share on other sites

I went to gmail to change the password and could not do so.  Tried every suggestion at least twice. 

Just got a red popup saying "Sorry, we could not change your password."

 

Then turned off uBlock Origin for the sites and the password changed on the first try. 

Who KNOWS this stuff?  Does everybody just sort of guess (like I did), or what? 

 

I am getting weary of being wary. < < Yuk yuk.  :lol:

The CCleaner SLIM version is always released a bit after any new version; when it is it will be HERE :-)

Pssssst: ... It isn't really a cloud. Its a bunch of big, giant servers.

Link to post
Share on other sites
  • 3 weeks later...
  • Moderators

At this point your lucky if one of the websites you use hasn't been hacked. 

I just make sure I use 2 factor authentication everywhere and change my passwords regularly. 

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...