Security Open Source Privacy

OpenWRT Forum User Data Stolen In Weekend Data Breach (bleepingcomputer.com) 16

The OpenWRT forum, a large community of enthusiasts of alternative, open-source operating systems for routers, announced a data breach over the weekend. Bleeping Computer reports: The attack occurred on Saturday, around 04:00 (GMT), when an unauthorized third party gained admin access to and copied a list with details about forum users and related statistical information. The intruder used the account of an OpenWRT administrator. Although the account had "a good password," additional security provided by two-factor authentication (2FA) was not active. Email addresses and handles of the forum users have been stolen, the moderators say. They add that they believe the attacker was not able to download the forum database, meaning that passwords should be safe. However, they reset all the passwords on the forum just to be on the safe side and invalidated all the API keys used for project development processes.

Users have to set the new password manually from the login menu by providing their user name and following the "get a new password" instructions. Those logging in using GitHub credentials are advised to reset or refresh them. The OpenWRT forum credentials are separate from the Wiki. Currently, there is no suspicion that the Wiki credentials have been compromised in any way. OpenWRT forum administrators warn that since this breach exposed email addresses, users may become targets of credible phishing attempts.

    • Re: (Score:1, Offtopic)

      by wuulfgar ( 703966 )
      There was a time that within 30 seconds of a post, there'd be 100s of comments. Even with everyone home due to quarantines, this is just weird. A ghost town. OpenWRT is kinda a big deal, innit?
      • by Sebby ( 238625 )
        I don't think all /. viewers necessarily see the most recent stories at the same time now. I've noticed that there seems to be a delay between when a story first goes up, and the time there's votes and inflow of comments.
      • If only we could find somebody with a user number low enough to remember those ancient times....
        • by timelorde ( 7880 )

          Seems like just yesterday to me. Ancient times is more like posting something to comp.sys.next.advocacy, and waiting days for replies to trickle in.

      • good grief.

      • It was good, I think it pushed companies to make their own web portals more responsive and feature rich. It might still be useful for extending the life of older routers, but I haven't used it for a few years now.
    • Comment removed based on user account deletion
      • One would presume that people smart enough to use OpenWrt would be smart enough to not use the same password on multiple sites.

        I guess you just can't expect the forum site administrators for people smart enough to use OpenWRT to be that smart, eh?

      • I'd hate it if my username and email address were publicly exposed!

    • It's not good, but it's not that bad. I for one have my email address all over the place and promote openwrt regularly, so I am no more a phishing target than I was last week.

  • by felixrising ( 1135205 ) on Monday January 18, 2021 @06:17PM (#60961728)
    Oh good, I just got an email from them asking me to update my password, let me just click through and do that real quick....
  • Just tried to log in. Failed. Just tried to reset my password. They say my account does not exist.

    Maybe they've restored to an old backup?

  • by bobjr94 ( 1120555 ) on Tuesday January 19, 2021 @03:14AM (#60962992) Homepage
    Normally wake up to 2-4 junk mails, then one day I will have 40+. A few days later get an email or notification that my email address was found in a recent data breach from a website. The spammers love fresh email lists, they don't care about the data breach really, they just download and use or sell the newly found email addresses.
