Drupal.org

In May 2013, Drupal.org discovered a security breach affecting its user account database. Unauthorized access was gained through a vulnerability in a third party application installed on the server infrastructure. The attackers accessed user profiles including usernames, email addresses, and salted hashed passwords. Although the passwords were encrypted, the Drupal Association reset all user passwords as a precautionary measure to ensure the safety of the developer community and maintain the integrity of the open source project repositories.