HomeEthereumSecurity alert : Ethereum.org Forums Database Compromised
Security alert [12/19/2016]: Ethereum.org Forums Database Compromised
Ethereum

Security alert [12/19/2016]: Ethereum.org Forums Database Compromised

crypto4unews
By crypto4unews

-

3
0


On December 16, we were made aware that someone had recently gained unauthorized access to a database from forum.ethereum.org. We immediately launched a thorough investigation to determine the origin, nature, and scope of this incident. Here is what we know:

  • The information that was recently accessed is a database backup from April 2016 and contained information about 16.5k forum users.
  • The leaked information includes

    • Messages, both public and private
    • IP-addresses
    • Username and email addresses
    • Profile information
    • Hashed passwords

      • ~13k bcrypt hashes (salted)
      • ~1.5k WordPress-hashes (salted)
      • ~2k accounts without passwords (used federated login)

  • The attacker self-disclosed that they are the same person/persons who recently hacked Bo Shen.
  • The attacker used social engineering to gain access to a mobile phone number that allowed them to gain access to other accounts, one of which had access to an old database backup from the forum.

We are taking the following steps:

  • Forum users whose information may have been compromised by the leak will be receiving an email with additional information.
  • We have closed the unauthorized access points involved in the leak.
  • We are enforcing stricter security guidelines internally such as removing the recovery phone numbers from accounts and using encryption for sensitive data.
  • We are providing the email addresses that we believe were leaked to https://haveibeenpwned.com, a service that helps communicate with affected users.
  • We are resetting all forum passwords, effective immediately.

If you were affected by the attack we recommend you do the following:

  • Ensure that your passwords are not reused between services. If you have reused your forum.ethereum.org password elsewhere, change it in those places.

Additionally, we recommend this excellent blog post by Kraken that provides useful information about how to protect against these types of attacks.

We deeply regret that this incident occurred and are working diligently internally, as well as with external partners to address the incident.

Questions can be directed to security@ethereum.org.



Source link

Previous article
December Roundup | Ethereum Foundation Blog
Next article
Swarm alpha public pilot and the basics of Swarm
crypto4unews
crypto4unewshttps://crypto4unews.com

LEAVE A REPLY

Please enter your comment!
Please enter your name here

LATEST POSTS

Ethereum

The History of Casper – Chapter 1

Vitalik suggested last week that I share my basic research and design philosophy in a blog post, I agreed but complained that it was...
Ethereum

The History of Casper – Chapter 2

This chapter describes the game theory and economic security modelling we were doing in the Fall of 2014. It recounts how the "bribing attacker...
Ethereum

Swarm alpha public pilot and the basics of Swarm

With the long awaited geth 1.5 ("let there bee light") release, Swarm made it into the official go-ethereum release as an experimental feature. The...
Ethereum

December Roundup | Ethereum Foundation Blog

December marks a month of continued progress in the Ethereum ecosystem. Research on proof of stake and sharding continues after the research team's workshop in...
Load more

Most Popular

Subscribe to our newsletter!

The information provided on Crypto4Unews.com is for informational purposes only and should not be considered financial advice. Cryptocurrency investments carry risks, and it is crucial to conduct your own research and consult with a financial advisor before making any investment decisions. We strive to deliver accurate and up-to-date information, but we cannot guarantee the reliability or completeness of the content. Crypto4Unews.com is not responsible for any losses or damages arising from the use of our site or reliance on its information. Always invest responsibly and be aware of market volatility.

Latest articles

Popular Categories

© Copyright - 2024 crypto4unews.com. All rights reserved.