An issue reported to the Drupal.org infrastructure team uncovered a rootkit installed on our pre-production (dev and staging) environment on April 19th. We stopped all services on these servers. Access was gained through an open VNC port on our OpenStack environment, which allowed an open console session to be hijacked. The attacker was attempting to launch a distributed denial of service (DDoS) attack on targeted IPs.
There is no evidence that information was taken from our staging database or that user information was compromised.
Today, we are introducing a new ‘Community’ user role on the site. It will be granted automatically to users who have been around for some time and reached a certain level of participation on Drupal.org.