Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Stack Overflow Shares Technical Details on 2019 Hack

Stack Overflow, the popular Q&A platform for programmers, this week shared technical information on how its systems were breached back in 2019, and it turns out that the hacker often viewed questions posted on Stack Overflow to learn how to conduct various activities on the compromised systems.

Stack Overflow, the popular Q&A platform for programmers, this week shared technical information on how its systems were breached back in 2019, and it turns out that the hacker often viewed questions posted on Stack Overflow to learn how to conduct various activities on the compromised systems.

The security breach was disclosed by Stack Overflow in mid-May 2019, and a few days later it admitted that the incident resulted in the details of some users being exposed.

Stack Overflow has now published a detailed timeline of the attack, which appears to have started on April 30, 2019, and was discovered nearly two weeks later, on May 12, after a suspicious user account that had escalated privileges was noticed by the community.

The company said the attacker had managed to gain access to the personal information of 184 users — it initially said 250 users were impacted — including names, email addresses and IP addresses. There was no indication that the hacker’s goal was to obtain user information.

However, more importantly, the attacker gained access to source code, which they managed to exfiltrate. The attacker apparently started from a low-privileged account and gradually worked their way up to the point where they could steal Stack Overflow source code.

“Thankfully, none of the databases—neither public (read: Stack Exchange content) nor private (Teams, Talent, or Enterprise)—were exfiltrated. Additionally, there has been no evidence of any direct access to our internal network infrastructure, and at no time did the attacker ever have access to data in Teams, Talent, or Enterprise products,” Stack Overflow said in its blog post.

The attacker regularly viewed questions posted on Stack Overflow to obtain information, which allowed the company to anticipate and understand the attacker’s methodology during its investigation.

Advertisement. Scroll to continue reading.

Stack Overflow details hack

Stack Overflow says it cannot share any information about the attacker due to ongoing investigations, but the company’s description of the attack suggests that the hacker was skilled and determined.

In addition to a detailed description of the attacker’s actions, Stack Overflow’s blog post also provides information on the remediation steps taken by the company in response to the attack, as well as advice for other organizations to help them prevent these types of incidents.

Related: Source Code From Major Firms Leaked via Unprotected DevOps Infrastructure

Related: Source Code of Windows XP, Server 2003 Allegedly Leaked

Related: Code Stolen After Developer Installed Trojanized App

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.

Register

Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.