It’s been two weeks since the Linux Mint hacking incident was first reported. It was no doubt a major blow to the project but thankfully, the people behind it have pulled through and taken every measure to ensure this never happens again. It was certainly a learning experience for the developers of the distro, and for the rest of us as well.
So what can we all learn from this? A few things:
1. Anyone can be hacked.
In response to the generally negative views towards Mint and the hacking, many redditors have commented that this event was actually not that shocking. Many of them pointed out that if large companies like Sony have been breached multiple times despite tight security, how much more likely is it for distros like Mint? This is not to downplay the issue, but to inform the general public that it’s really a situation that can happen to anyone. Unlike Sony, however, Mint had to deal with more negative press than they could handle, which brings us to the next lesson:
2. Manage your press.
Many Mint users agree that although the situation was bad, it received far more bad press than it should have, with plenty of vitriol along with it. It’s difficult to handle such things, but if the entire Linux community had given their full support and Mint had acknowledged and addressed the situation sooner, then perhaps the negative press would have been minimized. Unfortunately, this wasn’t entirely the case.
3. Always be aware.
According to Silviu Stahie of Softpedia, though the Linux Mint team claimed the hacking to be a recent event, they had already been given a warning about it a month prior. On January 16, Pieter Vlasblom, a freelance Information Security Engineer and Developer, informed the team of the breach via Twitter, and even had an image to prove it. But as we all know now, the team only publicly recognized the existence of hacked ISOs over a month later. Stahie suggests that this may be because the Mint team simply didn’t check their Twitter account often. This just goes to show that it pays to check on all sources of project-related information, especially those served on a silver platter, like your own social media pages.
4. Strengthen security.
This is perhaps the most crucial and pertinent lesson of all. Although it started out as a small project, Mint undoubtedly became a very popular distribution. When distros reach this level of popularity, it’s crucial for the developers to have the necessary security structures in place. There’s no room for compromise here, especially for a serious distribution like the one Mint turned out to be.
Anything else you’ve learned from this series of unfortunate events? Share your thoughts in the comments section below.