The Linux Mint website was hacked this weekend, 20th February 2016, resulting in the ISO of the latest distribution being replaced with one that contains a backdoor.
Users who downloaded the operating system on Saturday have been warned not to use it, and those who use the Linux Mint forums have been told to replace their passwords.
In a blog post, Clement Lefebvre, the head of the Linux Mint project, said: "Hackers made a modified Linux Mint ISO, with a backdoor in it, and managed to hack our website to point to it."
He added that "As far as we know, the only compromised edition was Linux Mint 17.3 Cinnamon edition."
When outlining the issue, Lefebvre said that it does not affect those who downloaded the operating system via torrents or an HTTP link. Linux Mint developers said that by yesterday, Sunday 21st February 2016, they had managed to correct the issue.
Linux Mint claim to know who was behind the attack, but appear to have so far declined to inform the security services.
Lefebvre said that the domains involved lead to three named people in Sofia, Bulgaria. "If more efforts are made to attack our project and if the goal is to hurt us, we’ll get in touch with authorities and security firms to confront the people behind this," he said.
A hacker named Peace said they were responsible for the hack. In an encrypted conversation with ZDNet, Peace said that "a few hundred" installs of the operating system were under their control, which is a significant share of the 1000+ downloads that took place on the day.
Peace also said that they had stolen entire copies of the forum on two occasions, on January 28th 2016, and then a few weeks later on February 18th.
The hacker also said that some passwords had been cracked, with the data being sold on the dark web for 0.197 bitcoin ($85) per download.
The incident follows one on February 16th 2016, when Google and Red Hat engineers revealed and patched a security vulnerability affecting the glibc open source code library. As the vulnerability concerned DNS, there was significant fallout for Linux.
A variety of key command-line Linux utilities could have been used to exploit devices as a result of that vulnerability.