The Sabayon wiki, forum, and bugzilla installations have been hacked by an unknown party and all the usernames, emails, and encrypted passwords have been compromised.The hackers are not attacking only prominent political targets, but they also have a beef with ordinary users and Linux distributions. The Sabayon community is just the latest one in a very long line of problems.
“Dear users, a couple of days ago, during the night between Oct 28 and Oct 29 (GMT time, +0000), the credentials of one of our forum administrators were stolen and used to conduct an attack against our wiki, forum, bugzilla installations,” said one of the forum administrators in an email to users and on the official forums.
“The attacker used these credentials to inject php code into our forum FAQ page as a way to install two backdoor scripts (cache2.php and cache3.php) and gain full access to all the user accounts on our web infrastructure (we used a centralized authentication system based on phpbb),” he also said.
This means that you will have to change your authentication credentials, even if the passwords were kept in salted double MD5.
The problem has been remedied, and the security for the Sabayon community has been strengthened.