Safety alert [12/19/2016]: Ethereum.org Boards Database Compromised – CoinNewsTrend

Safety alert [12/19/2016]: Ethereum.org Boards Database Compromised

[ad_1]

On December 16, we have been made conscious that somebody had lately gained unauthorized entry to a database from discussion board.ethereum.org. We instantly launched a radical investigation to find out the origin, nature, and scope of this incident. Here’s what we all know:

  • The data that was lately accessed is a database backup from April 2016 and contained details about 16.5k discussion board customers.
  • The leaked data contains

    • Messages, each private and non-private
    • IP-addresses
    • Username and electronic mail addresses
    • Profile data
    • Hashed passwords

      • ~13k bcrypt hashes (salted)
      • ~1.5k WordPress-hashes (salted)
      • ~2k accounts with out passwords (used federated login)

  • The attacker self-disclosed that they’re the identical particular person/individuals who lately hacked Bo Shen.
  • The attacker used social engineering to realize entry to a cell phone quantity that allowed them to realize entry to different accounts, considered one of which had entry to an previous database backup from the discussion board.

We’re taking the next steps:

  • Discussion board customers whose data could have been compromised by the leak will probably be receiving an electronic mail with extra data.
  • Now we have closed the unauthorized entry factors concerned within the leak.
  • We’re imposing stricter safety pointers internally similar to eradicating the restoration cellphone numbers from accounts and utilizing encryption for delicate knowledge.
  • We’re offering the e-mail addresses that we imagine have been leaked to https://haveibeenpwned.com, a service that helps talk with affected customers.
  • We’re resetting all discussion board passwords, efficient instantly.

When you have been affected by the assault we advocate you do the next:

  • Be sure that your passwords will not be reused between providers. When you’ve got reused your discussion board.ethereum.org password elsewhere, change it in these locations.

Moreover, we advocate this wonderful weblog publish by Kraken that gives helpful details about how you can defend in opposition to a majority of these assaults.

We deeply remorse that this incident occurred and are working diligently internally, in addition to with exterior companions to deal with the incident.

Questions will be directed to safety@ethereum.org.

[ad_2]

Supply hyperlink