On December 16, we have been made mindful that any individual had lately received unauthorized get right of entry to to a database from discussion board.ethereum.org. We right away introduced a radical investigation to decide the beginning, nature, and scope of this incident. Here’s what we all know:

  • The ideas that was once lately accessed is a database backup from April 2016 and contained details about 16.5k discussion board customers.
  • The leaked data comprises

    • Messages, each private and non-private
    • IP-addresses
    • Username and e-mail addresses
    • Profile data
    • Hashed passwords

      • ~13k bcrypt hashes (salted)
      • ~1.5k WordPress-hashes (salted)
      • ~2k accounts with out passwords (used federated login)

  • The attacker self-disclosed that they’re the similar particular person/individuals who lately hacked Bo Shen.
  • The attacker used social engineering to achieve get right of entry to to a cell phone quantity that allowed them to achieve get right of entry to to different accounts, one in every of which had get right of entry to to an outdated database backup from the discussion board.

We’re taking the next steps:

  • Discussion board customers whose data can have been compromised via the leak might be receiving an e-mail with more information.
  • We have now closed the unauthorized get right of entry to issues concerned within the leak.
  • We’re imposing stricter safety pointers internally equivalent to casting off the restoration telephone numbers from accounts and the usage of encryption for delicate knowledge.
  • We’re offering the e-mail addresses that we consider have been leaked to https://haveibeenpwned.com, a provider that is helping be in contact with affected customers.
  • We’re resetting all discussion board passwords, efficient right away.

If you happen to have been suffering from the assault we advise you do the next:

  • Be sure that your passwords aren’t reused between services and products. You probably have reused your discussion board.ethereum.org password in different places, exchange it in the ones puts.

Moreover, we advise this very good weblog submit via Kraken that gives helpful details about how to give protection to in opposition to a majority of these assaults.

We deeply feel sorry about that this incident befell and are running diligently internally, in addition to with exterior companions to handle the incident.

Questions will also be directed to safety@ethereum.org.

LEAVE A REPLY

Please enter your comment!
Please enter your name here