Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

OpenWrt Informs Users of Forum Breach

The OpenWrt Project, the developer of the open source Linux operating system for embedded devices, informed users on Monday that someone had breached its forum over the weekend.

The OpenWrt Project, the developer of the open source Linux operating system for embedded devices, informed users on Monday that someone had breached its forum over the weekend.

In a security notice posted on the OpenWrt forum, users were told that the hacker gained access to the account of an administrator on January 16. It’s unclear how the account became compromised — it had a “good password,” but two-factor authentication was not enabled.

According to the OpenWrt Project, the attacker downloaded user information, including email addresses, handles, and statistical data related to forum users.

While there is no indication that the forum database has been downloaded, the decision has been made to reset all passwords and flush API keys.

Users have been instructed to manually reset their password using the “get a new password” feature on the OpenWrt forum. Since email addresses and usernames have been exposed, impacted individuals have been warned that they may receive phishing emails. GitHub logins or OAuth keys should also be reset.

“OpenWrt forum credentials are entirely independent of the OpenWrt Wiki. There is no reason to believe there has been any compromise to the Wiki credentials,” the security notice reads.

The OpenWrt Project has promised to provide updates if more information comes to light.

Related: Remote Code Execution Vulnerability Patched in OpenWrt

Advertisement. Scroll to continue reading.

Related: 562,000 Impacted in XKCD Forum Data Breach

Related: Data of ZoneAlarm Forum Users Leaked Following Breach

Related: Comodo Forums Hacked via Recently Disclosed vBulletin Vulnerability

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...