Security Notice - Forum break-in

Ted Hess thess at kitschensync.net
Sun Jan 17 14:17:18 EST 2021


Around 0400 GMT on 16 Jan 2021, an administrator account on the OpenWrt 
forum (https://forum.openwrt.org) was breached. It is not known how the 
account was accessed: the account had a good password, but did not have 
two-factor authentication enabled.
The intruder was able to download a copy of the user list that contains 
email addresses, handles, and other statistical information about the 
users of the forum. Although we do not believe the intruder could 
download the database, from an abundance of caution, we are following 
the advice of the Discourse community and have reset all passwords on 
the Forum, and flushed any API keys.
1) You will need to reset your password using the procedure as follows.
- MANUALLY type the following link without spaces: https : // forum . 
openwrt . org
- Do not click a link, enter your user name, and follow the "get a new 
password" hint.
2) You should assume that your email address and handle have been 
disclosed. That means you may get phishing emails that include your 
name. DO NOT click links, but instead manually type the url of the forum 
as above.
3) If you use Github login/OAuth key, you should reset/refresh it.
4) OpenWrt forum credentials are entirely independent of the OpenWrt 
Wiki (https://openwrt.org). There is no reason to believe there has been 
any compromise to the Wiki credentials.
We apologize for the inconvenience caused by this attack. We will 
provide updates if we learn any more about the attacker or information 
that was disclosed.




More information about the openwrt-announce mailing list