Linux Australia has revealed that the database on one of its conference servers was compromised. The personal data of conference attendees may have been exposed.
Linux Australia's server held information on delegates to its popular annual conferences for 2013, 2014, and the most recent event held January in Auckland.
Admins believe the purpose of the attack was not to harvest data, but the attackers may nonetheless have had access to personal details, including full names, email addresses, physical addresses, phone numbers (if provided) and hashed user passwords.
The organisation, which represents around 5,000 Linux users and hosts yearly conferences, admitted it was the victim of a buffer overflow attack on one of its servers on March 22nd.
Linux Australia president Joshua Hesketh, who has led the organisation since 2013, said the exploit utilised a “currently unknown vulnerability.”
Mr Hesketh said attackers leveraged a vulnerability in its system to trigger a remote buffer overflow and gain root level access to its server.
The news comes about two weeks after the group first noticed the breach, and the disclosure follows the guidelines provided by the Australian Information Commissioner on data breach notification.
Mr Hesketh said the vulnerability affected the server hosting the Zookeepr conference management systems for the 2013, 2014, and 2015 national conferences and two PyCon installations.
The compromised host is being decommissioned and the one replacing it will have stronger security in place.
The steps taken to achieve this goal include tighter restrictions for Internet-facing services, adopting key-based logins only, a better schedule for operating system updates, and an expiration date for system user accounts, set to three months after the end of a conference.
A copy of the logs will be sent to a central server equipped with a log analysis tool, to alert admins of suspicious activity. Furthermore, the conference database will be deleted from Zookeepr after being transferred to a different server.
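Two of the hardening measures listed above, worked as an added example rather than Linux Australia's own scripts: a shell fragment that derives the three-month account expiry from a conference end date and rewrites an sshd_config so that only key-based logins are accepted. It assumes GNU date and sed and OpenSSH's sshd_config format; the config path and the sample date are constructed inputs, not the real server's.

```shell
#!/usr/bin/env bash
# Added example (assumes GNU date/sed, OpenSSH). Paths and dates are parameters, not the real host's.

# Expiry for delegate/system accounts: conference end date + 3 months (YYYY-MM-DD in, YYYY-MM-DD out).
conference_account_expiry() {
    date -d "$1 +3 months" +%F
}

# Apply that expiry to an account; needs root on a real host, shown for completeness.
expire_account_after_conference() {
    local user="$1" conf_end="$2"
    usermod --expiredate "$(conference_account_expiry "$conf_end")" "$user"
}

# Rewrite an sshd_config so that only key-based logins are accepted.
# sshd uses the first occurrence of a directive, so the hardened values are placed at
# the top of the file (ahead of any Match block) and every earlier copy, commented or
# not, is removed so a stray "PasswordAuthentication yes" cannot win.
harden_sshd_config() {
    local cfg="$1"
    local directives="PasswordAuthentication no
PubkeyAuthentication yes
ChallengeResponseAuthentication no
KbdInteractiveAuthentication no
PermitRootLogin prohibit-password
PermitEmptyPasswords no"
    local key value
    while IFS=' ' read -r key value; do
        # delete any prior setting of this directive, case-insensitively (GNU sed /I)
        sed -i "/^[[:space:]]*#\?[[:space:]]*${key}[[:space:]]/Id" "$cfg"
    done <<< "$directives"
    { printf '%s\n' "$directives"; cat "$cfg"; } > "$cfg.tmp" && mv "$cfg.tmp" "$cfg"
}

# Report the effective value of a directive the way sshd resolves it: first match wins.
sshd_effective() {
    awk -v k="$2" 'tolower($1)==tolower(k){print $2; exit}' "$1"
}
```

Run `sshd -t -f <file>` on the rewritten config before reloading the daemon, and keep an existing session open while testing so a typo cannot lock you out.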
Attendees of the linux.conf.au and PyCon Australia events are asked to change their password if the same one is used for accessing other online accounts. This includes those using Mozilla Persona for authentication.