Hacker Put Backdoor into Linux Mint Downloads

A hacker who goes by the moniker “Peace” revealed that he placed a malicious backdoor onto hundreds of Linux Mint downloads on February 20. He also admitted to making an entire copy of the site’s forum on two separate occasions: once on January 2 and again on February 18. Any information that was readily available in those forums has been compromised. Passwords on the site were scrambled, but the hacker claims to have already cracked some of them.

It was suggested that the point of the hack was to create a botnet, but the hacker claimed that there was no specific reason for the attack. Even so, the forums that were copied were put on the dark web with a price of $85 per download. Additionally, over 70,000 accounts were uploaded to the site HaveIBeenPwned, which is a breach notification site.

Peace is stated to live in Europe but did not give out any other identifying information. Peace claims to be a lone hacker, not affiliated with any of the hacking groups that have been in the news.

Linux Mint is created with open-source code, and the hacker claimed it only took them a few hours to put the backdoor in. They also replaced all of the mirror sites with versions of their own download. All of these have since been taken down.

The company put out a notice that anyone with an account needed to change their password and make sure that the password was not used anywhere else. If it was, the suggestion was to change your password and create a unique password for every site that you log into. The information contained in the database included:

  • Forum username
  • Scrambled forum password
  • Email address
  • Any personal information that was used in a forum signature
  • Any personal information that was shared through the forum including public and private topics and messages.

The Linux Mint website is currently down, and it is unclear how long it will stay down. When the news of the hack broke, the number of infected machines dropped significantly.

Are you concerned with the vulnerability of your site?

Call (703) 596-0022 or email us at info@tsiva.com to assist you with securing your site. TSI is here to handle all of your information technology needs. We make sure you’re covered – from monitoring to maintenance to backups and everything in between.
