A Linux Australia server hosting a conference attendee database was compromised after cybercriminals were able to gain root level access. Information taken related to the Linux Aus Conference for 2013, 2014 and 2015, along with PyCon Australia 2013 and 2014 - stolen data included names, email addresses, physical mailing addresses, phone numbers, and passwords.
Hackers were able to trigger a remote buffer overflow after installing a remote access tool, and then rebooted the server so software was loaded into memory. From there, a command & control center was installed and began operation - and system administrators note that it doesn't look like personal information was taken, but an investigation continues.
"In accordance with our values of transparency and openness, we wish to inform you of a security breach of Linux Australia's servers," said Joshua Hesketh, organization president of Linux Australia. "This incident has resulted in the possible, but not confirmed, release of personal information."