Stack Overflow, the popular Q&A platform for programmers, this week shared technical information on how its systems were breached back in 2019, and it turns out that the hacker often viewed questions posted on Stack Overflow to learn how to conduct various activities on the compromised systems.
The security breach was disclosed by Stack Overflow in mid-May 2019, and a few days later it admitted that the incident resulted in the details of some users being exposed.
Stack Overflow has now published a detailed timeline of the attack, which appears to have started on April 30, 2019, and was discovered nearly two weeks later, on May 12, after a suspicious user account that had escalated privileges was noticed by the community.
The company said the attacker had managed to gain access to the personal information of 184 users — it initially said 250 users were impacted — including names, email addresses and IP addresses. There was no indication that the hacker’s goal was to obtain user information.
However, more importantly, the attacker gained access to source code, which they managed to exfiltrate. The attacker apparently started from a low-privileged account and gradually worked their way up to the point where they could steal Stack Overflow source code.
“Thankfully, none of the databases—neither public (read: Stack Exchange content) nor private (Teams, Talent, or Enterprise)—were exfiltrated. Additionally, there has been no evidence of any direct access to our internal network infrastructure, and at no time did the attacker ever have access to data in Teams, Talent, or Enterprise products,” Stack Overflow said in its blog post.
The attacker regularly viewed questions posted on Stack Overflow to obtain information, which allowed the company to “anticipate and understand the attacker’s methodology” during its investigation.
Stack Overflow says it cannot share any information about the attacker due to ongoing investigations, but the company’s description of the attack suggests that the hacker was skilled and determined.
In addition to a detailed description of the attacker’s actions, Stack Overflow’s blog post also provides information on the remediation steps taken by the company in response to the attack, as well as advice for other organizations to help them prevent these types of incidents.
Related: Source Code From Major Firms Leaked via Unprotected DevOps Infrastructure
Related: Source Code of Windows XP, Server 2003 Allegedly Leaked
Related: Code Stolen After Developer Installed Trojanized App

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- AntChain, Intel Create New Privacy-Preserving Computing Platform for AI Training
- Several Major Organizations Confirm Being Impacted by MOVEit Attack
- Verizon 2023 DBIR: Human Error Involved in Many Breaches, Ransomware Cost Surges
- Google Patches Third Chrome Zero-Day of 2023
- Ransomware Group Used MOVEit Exploit to Steal Data From Dozens of Organizations
- Cybersecurity M&A Roundup: 36 Deals Announced in May 2023
- In Other News: Government Use of Spyware, New Industrial Security Tools, Japan Router Hack
- Apple Denies Helping US Government Hack Russian iPhones
Latest News
- KeePass Update Patches Vulnerability Exposing Master Password
- AntChain, Intel Create New Privacy-Preserving Computing Platform for AI Training
- Keep Aware Raises $2.4M to Eliminate Browser Blind Spots
- Google Workspace Gets Passkey Authentication
- Cybersecurity Startup Elba Raises €2.5 Million for Employee-Focused Product
- Zoom Expands Privacy Options for European Customers
- Several Major Organizations Confirm Being Impacted by MOVEit Attack
- Apple Unveils Upcoming Privacy and Security Features
