Search
HomeEthereumSecurity alert : Ethereum.org Forums Database Compromised
Ethereum

Security alert [12/19/2016]: Ethereum.org Forums Database Compromised

admin
By admin

-

9
0


On December 16, we were made aware that someone had recently gained unauthorized access to a database from forum.ethereum.org. We immediately launched a thorough investigation to determine the origin, nature, and scope of this incident. Here is what we know:

  • The information that was recently accessed is a database backup from April 2016 and contained information about 16.5k forum users.
  • The leaked information includes

    • Messages, both public and private
    • IP-addresses
    • Username and email addresses
    • Profile information
    • Hashed passwords

      • ~13k bcrypt hashes (salted)
      • ~1.5k WordPress-hashes (salted)
      • ~2k accounts without passwords (used federated login)

  • The attacker self-disclosed that they are the same person/persons who recently hacked Bo Shen.
  • The attacker used social engineering to gain access to a mobile phone number that allowed them to gain access to other accounts, one of which had access to an old database backup from the forum.

We are taking the following steps:

  • Forum users whose information may have been compromised by the leak will be receiving an email with additional information.
  • We have closed the unauthorized access points involved in the leak.
  • We are enforcing stricter security guidelines internally such as removing the recovery phone numbers from accounts and using encryption for sensitive data.
  • We are providing the email addresses that we believe were leaked to https://haveibeenpwned.com, a service that helps communicate with affected users.
  • We are resetting all forum passwords, effective immediately.

If you were affected by the attack we recommend you do the following:

  • Ensure that your passwords are not reused between services. If you have reused your forum.ethereum.org password elsewhere, change it in those places.

Additionally, we recommend this excellent blog post by Kraken that provides useful information about how to protect against these types of attacks.

We deeply regret that this incident occurred and are working diligently internally, as well as with external partners to address the incident.

Questions can be directed to security@ethereum.org.



Source link

Previous article
Philippines to Host Crypto Vision Conference in Makati
Next article
Earn $8K Daily with Cloud Mining
admin
adminhttps://www.gpttut.com

LEAVE A REPLY

Please enter your comment!
Please enter your name here

LATEST POSTS

Ethereum

The Ethereum network is currently undergoing a DoS attack

URGENT ALL MINERS: The network is under attack. The attack is a computational DDoS, ie. miners and nodes need to spend a very long...
NFT's

Star Atlas and Shaga to Launch $100,000 Creator Campaign

Web3 grand strategy MMO Star Atlas has partnered with Twitch add-on layer Shaga to launch a $100,000 USD Creator Campaign, with rewards in $ATLAS...
Bitcoin

Crypto Con Hits High Office: Minister’s X Account Hacked

Trusted Editorial content, reviewed by leading industry experts and seasoned editors. Ad Disclosure UK Government Minister Lucy Powell’s X account was hacked on Tuesday morning...
Crypto

Fluffy slot cats Favourites slot: Have fun with twenty-five Free spins Extra!

Looking for a place to play is actually a lengthy processes because the you dont want to rating trapped by the fraudsters. When deciding...
Load more

Follow us

0FansLike
0FollowersFollow
0SubscribersSubscribe

Most Popular

Welcome to GPTTUT, your go-to platform for everything related to the world of cryptocurrency! Our mission is to provide accurate, insightful, and up-to-date information to help you navigate the ever-evolving crypto landscape.

Latest articles

Popular Categories