The OpenWrt Project, the developer of the open source Linux operating system for embedded devices, informed users on Monday that someone had breached its forum over the weekend.
In a security notice posted on the OpenWrt forum, users were told that the hacker gained access to the account of an administrator on January 16. It’s unclear how the account became compromised — it had a “good password,” but two-factor authentication was not enabled.
According to the OpenWrt Project, the attacker downloaded user information, including email addresses, handles, and statistical data related to forum users.
While there is no indication that the forum database has been downloaded, the decision has been made to reset all passwords and flush API keys.
Users have been instructed to manually reset their password using the “get a new password” feature on the OpenWrt forum. Since email addresses and usernames have been exposed, impacted individuals have been warned that they may receive phishing emails. GitHub logins or OAuth keys should also be reset.
“OpenWrt forum credentials are entirely independent of the OpenWrt Wiki. There is no reason to believe there has been any compromise to the Wiki credentials,” the security notice reads.
The OpenWrt Project has promised to provide updates if more information comes to light.
Related: Remote Code Execution Vulnerability Patched in OpenWrt
Related: 562,000 Impacted in XKCD Forum Data Breach
Related: Data of ZoneAlarm Forum Users Leaked Following Breach
Related: Comodo Forums Hacked via Recently Disclosed vBulletin Vulnerability
Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- macOS 14 Sonoma Patches 60 Vulnerabilities
- New GPU Side-Channel Attack Allows Malicious Websites to Steal Data
- Microsoft Adding New Security Features to Windows 11
- Sony Investigating After Hackers Offer to Sell Stolen Data
- 900 US Schools Impacted by MOVEit Hack at National Student Clearinghouse
- Predator Spyware Delivered to iOS, Android Devices via Zero-Days, MitM Attacks
- China’s Offensive Cyber Operations in Africa Support Soft Power Efforts
- SANS Survey Shows Drop in 2023 ICS/OT Security Budgets
Latest News
- Chinese Gov Hackers Caught Hiding in Cisco Router Firmware
- CISA Unveils New HBOM Framework to Track Hardware Components
- Gem Security Lands $23 Million Series A Funding
- Misconfigured TeslaMate Instances Put Tesla Car Owners at Risk
- Firefox 118 Patches High-Severity Vulnerabilities
- Stolen GitHub Credentials Used to Push Fake Dependabot Commits
- Google Open Sources Binary File Comparison Tool BinDiff
- macOS 14 Sonoma Patches 60 Vulnerabilities
