Linux Mint, which is derived from elements of Debian and Ubuntu Linux, had its website hacked through an exploit in the WordPress editor. As a result, the hackers were able to access and copy the Mint user forum—offering it for downloads for $85.00. They also created a misdirect on the project’s homepage to a Mint version download that had a “backdoor,” making it vulnerable to anyone knowing how to exploit it. The Linux Mint Blog recommended that anyone who used their Mint forum username and password on other websites should change them.
In total, it’s estimated that the breach compromised approximately 145,000 email addresses, dates of birth, geographic locations, IP addresses and passwords.
The only compromised version of Linux Mint was the 17.3 Cinnamon edition that was available on February 20, 2016. The distribution’s builders recommended that anyone who installed that version on their computers should replace it with an updated one. They also suggested disposing of any DVDs that were burned with the unsafe ISO. Any removable media that it was installed on should be reformatted.
The mechanism by which the hackers got their vulnerable version “out there” was an FTP server located in Bulgaria. The infected version of Mint included an Internet Relay Chat backdoor called Tsunami.