
WineHQ breached, passwords downloaded

The WineHQ site, which organises work around the popular Windows compatibility layer for Linux, BSD, Solaris, and Mac OS X, has been attacked and the usernames and passwords of contributors downloaded by persons unknown.

Confirmed in a message to the project's mailing list last night, the attack saw unknown assailants enter the server via the PHPMyAdmin utility before downloading the entire user credentials database for both the Bugzilla fault-tracking system and the WineHQ AppDB.

"This means that they have all of those emails, as well as the passwords," Jeremy White of project organiser CodeWeavers confirms in his mailing list post. "The passwords are stored encrypted, but with enough effort and depending on the quality of the password, they can be cracked.

"This, I'm afraid, is a serious threat; it means that anyone who uses the same email/password on other systems is now vulnerable to a malicious attacker using that information to access their account," White warns.

It's a major problem: Wine is extremely popular among gamers and professionals for allowing copies of popular Windows-only packages like Microsoft Office and Guild Wars to run under Linux, BSD, Solaris, and Mac OS X operating systems. CodeWeavers, as the corporate sponsors of the project, also produce a commercial version under the name Crossover.

The WineHQ AppDB is the central repository for information about the compatibility of various versions of Windows software with the various versions of Wine. Both project contributors and end-users frequently make use of the service to check compatibility, and to add their own notes - and tweaks, if the default settings result in poor performance - to the database.

"We are going to be resetting every password and sending a private email to every affected user," White explains. "I am very sad to have to report this. We have so many challenges in our world today that this is a particularly painful form of salt for our wounds."

The team has now secured the server by removing access to PHPMyAdmin, changed the administrative details, and reset everyone's passwords for security. The attacker is not thought to have gained access to any other part of the system, such as the source code repository for Wine itself.