A Linux Australia server hosting a conference attendee database was compromised after cybercriminals gained root-level access. The information taken related to the Linux Australia Conference for 2013, 2014 and 2015, along with PyCon Australia 2013 and 2014. Stolen data included names, email addresses, physical mailing addresses, phone numbers, and passwords.
Linux Australia insists that, since attendees pay for conferences via a third-party gateway, users’ payment card information was not disclosed in the breach.
“A remote access tool was installed, and the server was rebooted to load this software into memory. A botnet command and control was subsequently installed and started. During the period the individual had access to the Zookeepr server, a number of Linux Australia’s automated backup processes ran, which included the dumping of conference databases to disk,” according to the email signed by the Linux Council of Australia.
Two days later, however, upon further examination, the group’s administrative team was able to deduce that the server had fallen victim to a malicious attack. In response, developers suspended all non-admin accounts that interacted with the server.