Recently the Linux Mint website and forums were compromised and the download link for the Linux Mint ISO file was replaced with a link to a backdoored ISO file.

While the fact that they were compromised doesn't concern me that much, it happens to just about everyone in the long run. The two big questions I'm much more concerned about are "How did it happen" and "How did the Linux Mint team react?".

How did it happen?

We still don't know for sure, there has been lot's of speculation, there was an official post saying it was from their WordPress install but no real detail and some conflicting information later. The most plausible theories are that the server hosting the website was also hosting a number of different sites like a Wordpress site that was out of date and a some phpBB forums. It has been suggested that someone used a known vulnerability in either WordPress or phpBB to compromise the server and from there were able to modify the main website.

How did Linux Mint react?

In my opinion they reacted very poorly. I think the correct procedure would have been to shutdown the server, determan the root cause of the breach, reinstall from backups and make sure the vulnerability was patched before bringing the server back up. But from the comments we can see that the link was changed back to the backdoored ISO after the announcement showing the attackers were still in controll of the server.

Thanks for reporting this, this is a second attack so it means we?re still vulnerable. I?m shutting the server down right now.

Other organisations like Debian and Linux Australia hav both suffered breaches in the past but they have done a much more thorough job of reacting to it and reporting it.