Matt Posted August 1, 2013 Report Posted August 1, 2013 Opscode, the commercial side of the open source Chef configuration management tool beloved by Google, Facebook, and IBM, has warned customers that a flaw in an unnamed third-party application has left its wiki and ticketing system pwned."The attacker gained escalated privileges and downloaded the user database for the wiki and ticketing system," the company said in a blog post on Thursday. "The user database that was accessed contained usernames, email addresses, full names, and hashed passwords.""We believe these passwords are adequately secure (the software in question uses the PBKDF2 algorithm), but we will be forcing a password change on the ticketing and wiki systems. If you use this password on other systems, we suggest choosing a new password on those systems as well. We will also contact the affected users via email today."The company was alerted to the attack by internal security monitoring, the attacker has been kicked out, and now a full investigation is underway using forensics the team has gathered. There's no word as to whether the police are involved.Opscode says there's "currently no evidence" that hosted data has been copied or compromised, but it recommends users who use the same username and password for hosted accounts should also change passwords.It's an embarrassing issue for a company that has become something of a cloud and datacenter darling of late, but it could happen to anyone these days and such openness is to be commended.The company promises more details as they become available. ®Sursa TheRegister.co.uk Quote
