Security alert [12/19/2016]: Ethereum.org Forums Database Compromised

On December 16, we have been made conscious that somebody had not too long ago gained unauthorized entry to a database from forum.ethereum.org. We instantly launched an intensive investigation to find out the origin, nature, and scope of this incident. Here’s what we all know:

The data that was not too long ago accessed is a database backup from April 2016 and contained details about 16.5k discussion board customers.
The leaked info contains
- Messages, each private and non-private
- IP-addresses
- Username and e mail addresses
- Profile info
- Hashed passwords
  - ~13k bcrypt hashes (salted)
  - ~1.5k WordPress-hashes (salted)
  - ~2k accounts with out passwords (used federated login)
The attacker self-disclosed that they’re the identical particular person/individuals who recently hacked Bo Shen.
The attacker used social engineering to achieve entry to a cell phone quantity that allowed them to achieve entry to different accounts, one in every of which had entry to an outdated database backup from the discussion board.

We’re taking the next steps:

Discussion board customers whose info might have been compromised by the leak will likely be receiving an e mail with extra info.
Now we have closed the unauthorized entry factors concerned within the leak.
We’re imposing stricter safety tips internally reminiscent of eradicating the restoration cellphone numbers from accounts and utilizing encryption for delicate knowledge.
We’re offering the e-mail addresses that we imagine have been leaked to https://haveibeenpwned.com, a service that helps talk with affected customers.
We’re resetting all discussion board passwords, efficient instantly.

In case you have been affected by the assault we suggest you do the next:

Be certain that your passwords will not be reused between providers. When you’ve got reused your discussion board.ethereum.org password elsewhere, change it in these locations.

Moreover, we suggest this excellent blog post by Kraken that gives helpful details about learn how to defend towards a majority of these assaults.

We deeply remorse that this incident occurred and are working diligently internally, in addition to with exterior companions to handle the incident.

Questions might be directed to security@ethereum.org.

Source link

Security alert [12/19/2016]: Ethereum.org Forums Database Compromised

Ethereum Is Pivoting Into The AI Industry? Here’s What We Know So Far

Ethereum aims to stop rogue AI agents from stealing trust with new ERC-8004

Banks may lose up to $500B after Fidelity’s official token launches on Ethereum with freeze powers

Ethereum Foundation is hiring an Executive Director

Ethereum Is Positioned As The Backbone Of AI-Powered Finance, Here’s Why

What Happens When You Don’t Report Your Crypto Taxes to the IRS

Cardano Hits 1M Transactions but is ADA’s Price Finally About to Break $1?

Why is France pushing for stricter EU-wide cryptocurrency regulations, and what are the implications?

LINK Exchange Liquidity Dries Up

Top Insights

Ethereum’s Real Strength Lies Elsewhere, Says Curve Finance

Bitcoin Tipping Is Now Live On X, Powered By BitBit And Spark

Grayscale puts AVAX ETF On The Radar With NASDAQ Listing

Security alert [12/19/2016]: Ethereum.org Forums Database Compromised

Related Posts