The King in open sources Drupal is Hack by anonymous. The popularity of Drupal overwhelm to the hard core hackers. The password of the users are stolen the advised of headstartcms users must reset passwords on all other sites most specially similar passwords to Drupal.org and groups.drupal.org.
Common practice to users without security hazard is repeating same old password to all of the accounts. When you join or login to the 3rd party you are giving access to your user account identity. Best practice is use encrypted code to keep from being hack. Never try to use same passwords to all of your accounts.
Instead learn the method to remember all of your password with pattern or sequence of encryption that only you alone can remember.
The news in Drupal there were no specifics offered on exactly when the hack had taken place nor how many accounts were compromised, but according to some reports it may impact nearly one million user accounts.
Why they attack drupal users and group ? They want to access sensitive data most specially to the same user accounts being link to email , website , security access , bank accounts and gold information assets.
Drupal has thousand and millions of users it is very hard to trace all the movements of the users. Specially the hackers who suddenly enter to level of administrator key to access all the users account.
If Drupal.org has to level-up the security very high then their will be few active users. Users are also known as hackers since they have the access level of user rights in the drupal system.