Security alert [12/19/2016]: Ethereum.org Forums Database Compromised

On December 16, we had been made conscious that somebody had lately gained unauthorized entry to a database from forum.ethereum.org. We instantly launched a radical investigation to find out the origin, nature, and scope of this incident. Here’s what we all know:

The knowledge that was lately accessed is a database backup from April 2016 and contained details about 16.5k discussion board customers.
The leaked info contains
- Messages, each private and non-private
- IP-addresses
- Username and e-mail addresses
- Profile info
- Hashed passwords
  - ~13k bcrypt hashes (salted)
  - ~1.5k WordPress-hashes (salted)
  - ~2k accounts with out passwords (used federated login)
The attacker self-disclosed that they’re the identical particular person/individuals who recently hacked Bo Shen.
The attacker used social engineering to achieve entry to a cell phone quantity that allowed them to achieve entry to different accounts, considered one of which had entry to an previous database backup from the discussion board.

We’re taking the next steps:

Discussion board customers whose info might have been compromised by the leak can be receiving an e-mail with further info.
Now we have closed the unauthorized entry factors concerned within the leak.
We’re imposing stricter safety tips internally akin to eradicating the restoration cellphone numbers from accounts and utilizing encryption for delicate knowledge.
We’re offering the e-mail addresses that we imagine had been leaked to https://haveibeenpwned.com, a service that helps talk with affected customers.
We’re resetting all discussion board passwords, efficient instantly.

In the event you had been affected by the assault we suggest you do the next:

Be sure that your passwords will not be reused between companies. When you have reused your discussion board.ethereum.org password elsewhere, change it in these locations.

Moreover, we suggest this excellent blog post by Kraken that gives helpful details about learn how to defend in opposition to most of these assaults.

We deeply remorse that this incident occurred and are working diligently internally, in addition to with exterior companions to handle the incident.

Questions could be directed to security@ethereum.org.

Source link

Security alert [12/19/2016]: Ethereum.org Forums Database Compromised

Ethereum Funding Rates Resume Uptrend As ETH Prepares For Key Price Breakout

Introducing the 2025 Academic Grants Round

Expert Predicts Surge To $14,000 In 6 Months

Ethereum Forms A Bullish Continuation Pattern, An Upsurge To New Heights Ahead?

A Catalyst for Unprecedented Buying Surge? –

Why The Crash To $0.31 Remains Natural

Tezos Hits 8-Month High: Is XTZ Heading For Skyrocket Move?

Sui Recognizes Sports Fans Through Strategic Partnership with Fan Engagement Platform Trace

Why Reclaiming The $96,400 Level Is Very Important For Another Rally

Top Insights

Cardano Will Reach $1.50 Once The $1.10 Resistance Breaks – Details

Crypto.Com Forays Into Wall Street With New Exchange Platform

Coinbase CEO Suggests Possible USDT Delisting Under Regulatory Pressure

Telegram Partners with TON Blockchain to Build Exclusive Crypto Ecosystem

Security alert [12/19/2016]: Ethereum.org Forums Database Compromised

Related Posts