Stack Overflow, the popular Q&A platform for programmers, this week shared technical information on how its systems were breached back in 2019, and it turns out that the hacker often viewed questions posted on Stack Overflow to learn how to conduct various activities on the compromised systems.
The security breach was disclosed by Stack Overflow in mid-May 2019, and a few days later it admitted that the incident resulted in the details of some users being exposed.
Stack Overflow has now published a detailed timeline of the attack, which appears to have started on April 30, 2019, and was discovered nearly two weeks later, on May 12, after a suspicious user account that had escalated privileges was noticed by the community.
The company said the attacker had managed to gain access to the personal information of 184 users — it initially said 250 users were impacted — including names, email addresses and IP addresses. There was no indication that the hacker’s goal was to obtain user information.
However, more importantly, the attacker gained access to source code, which they managed to exfiltrate. The attacker apparently started from a low-privileged account and gradually worked their way up to the point where they could steal Stack Overflow source code.
“Thankfully, none of the databases—neither public (read: Stack Exchange content) nor private (Teams, Talent, or Enterprise)—were exfiltrated. Additionally, there has been no evidence of any direct access to our internal network infrastructure, and at no time did the attacker ever have access to data in Teams, Talent, or Enterprise products,” Stack Overflow said in its blog post.
The attacker regularly viewed questions posted on Stack Overflow to obtain information, which allowed the company to “anticipate and understand the attacker’s methodology” during its investigation.
Stack Overflow says it cannot share any information about the attacker due to ongoing investigations, but the company’s description of the attack suggests that the hacker was skilled and determined.
In addition to a detailed description of the attacker’s actions, Stack Overflow’s blog post also provides information on the remediation steps taken by the company in response to the attack, as well as advice for other organizations to help them prevent these types of incidents.
Related: Source Code From Major Firms Leaked via Unprotected DevOps Infrastructure
Related: Source Code of Windows XP, Server 2003 Allegedly Leaked
Related: Code Stolen After Developer Installed Trojanized App