“Peace was ‘just poking around’ the site in January when they found a vulnerability granting unauthorized access. (The hacker also said they had the credentials to log in to the site’s admin panel as Lefebvre, but was reluctant to explain how in case it proved useful again.) On Saturday, the hacker replaced one of the 64-bit Linux distribution images (ISO) with one that was modified by adding a backdoor, and later decided to ‘replace all mirrors’ for every downloadable version of Linux on the site with a modified version of their own.
The backdoored version isn’t as difficult as you’d think. Because the code is open-source, the hacker said it took them just a few hours to repack a Linux version that contained the backdoor.”
Source: Hacker explains how he put “backdoor” in hundreds of Linux Mint downloads | ZDNet