Organizers of the Linux Australia conference have revealed that personal data of delegates may have been exposed after a hacker was able to gain access to a server, reports Security Affairs.
Although admins believe the purpose of the attack was not for harvesting data, attackers may have had access to personal details, including full names, email addresses, physical addresses, phone numbers (if provided) and hashed user passwords.
No payment information was at risk, as Linux Australia uses a third party payment system, the organization said.
The attackers were able to gain the highest privilege level on the system to install Botnet command and control software, according to Softpedia. The attack took place on March 22, and owners when tipped off when the hosting server delivered a "high volume of error reporting messages." It seems the hacker had been able to trigger a remote buffer overflow condition, giving them root level access to the server.
"Whilst there is no indication that personal information was removed from the server, the logical course of action is that we operate on a worst case situation, and proceed on the belief that this has occurred," wrote Joshua Hesketh, president of Linux Australia.
"For your security, we strongly encourage you change your passwords on other web services if the same password may have used when registering for our conferences. This would also include your Mozilla Persona accounts if you have chosen to use this method for authentication."
Linux Australia has yet to reveal how many people had been affected by the hack, but the organization "represents 5,000 free and open source software developers and users", according to CSO.