Yesterday (Also used as a Back-end system of hacked this is confirmed by Drupal itself in their News & Announcement section section under FAQ.

It is still unknown that who was behind this hack and according to Drupal their Security Team and Infrastructure Team has identified unauthorized access to user information on and, which occurred via third-party software installed on the server infrastructure.


In the Drupal breach some confidential info of users have been stolen including passwords.

Still Drupal think that Hashed Passwords are secure but it seems that they never tried to search on Google about Hash Cracker.

What has been hacked from Drupal Server?
  • Username
  • Email address
  • Hashed passwords
  • Country for some users
Drupal also stated some important info for users:
  • Was my credit card information exposed? – We do not store credit card information on our site and have uncovered no evidence that card numbers may have been intercepted.
  •  Were projects or hosted code altered? – We have no evidence to suggest that an unauthorized user modified Drupal core or any contributed projects or packages on Software distributed on is open source and bundled from publicly accessible repositories with log histories and access controls.
Drupal Users can change their passwords with the following steps:

  1. Go to
  2. Enter your username or email address.
  3. Check your email and follow the link to enter a new password.
*It can take up to 15 minutes for the password reset email to arrive. If you do not receive the e-mail within 15 minutes, make sure to check your spam folder as well.
Drupal is also used as a back-end system for at least 2.1% of all the websites worldwide ranging from personal blogs to corporate, political and government sites including and



This site uses Akismet to reduce spam. Learn how your comment data is processed.