An attack on Linux Foundation Web sites may be tied to an earlier breach of Kernel.org. The Linux Foundation notified members with Linux.com and LinuxFoundation.org accounts of a security breach this week.

A breach, possibly related to an earlier rootkit attack on Kernel.org, may have compromised “usernames, passwords, email addresses and other information,” according to an email sent out by the organization. The message suggested that members should change authentication keys (passwords, SSH) used to access the Linux Foundation sites as well as any other Web Sites where they use the same keys.

The extent of this breach seems pretty big. As a precautionary step, the servers involved in the attack are going through a complete reinstall and the Linux Foundation sites are currently under maintenance. All you find on them now is a default page explaining the situation along with a short FAQ. Information on the breach is very limited, leaving a lot to speculation and no small bit of concern.

The breach was discovered on September 8^th and is believed to be connected to a similar attack on Kernel.org late last month. Kernel.org is currently down for maintenance as well.

Though there is yet to be a full explanation on the nature of the attack, a Linux Foundation investigation is under way with the aide of U.S. and European authorities.

Being important portals for many of us in the Linux community, a security breach on Linux Foundation servers warrants as much concern as an attack on Microsoft, IBM or HP. Not only does it threaten our security, the attack harms the reputation of a movement that doesn’t need any bad publicity right now, especially with announcements regarding upcoming Microsoft Windows and Windows Server releases.

Per the posted FAQ , Linux.com email is still available, however the Linux Foundation has yet to respond to messages requesting more information about the security breach.