The Drupal Association with an official notice revealed that Drupal was hit by a large-scale data breach that could have exposed data for nearly 1 million accounts. Unknown hackers have exploited a known vulnerability in a third-party software that was installed on the Drupal.org server infrastructure to access to the system. As a precautionary measure it is resetting the passwords for nearly one million accounts in the wake of a data breach. An impressive amount of web sites is based on the popular content management system.”]
Source: https://securityaffairs.co/wordpress/14833/hacking/drupal-data-breach-exposes-1m-account.html