The Open WRT forum discloses data breach where hackers have infiltrated personal information and statistical details about the forum users.
The OpenWRT forum discloses data breach where hackers have infiltrated personal information and statistical details about the forum users.
OpenWRT is a Linux-based, community-maintained firmware project that provides custom software for a wide range of routers. The main components are Linux, musl, util-linux, and BusyBox.
The attack occurred on 1 January, around 04:00 (GMT), when threat actors gained admin access to and downloaded a copy of the list with details about forum users and related statistical information.
The attacker breached an administrator account on the OpenWrt forum. The compromised account had a “good password” but did not enable two-factor authentication (2FA).
“The intruder was able to download a copy of the user list that contains email addresses, handles, and other statistical information about the users of the forums,” states the data breach notification.
Administrators state that they do not believe the intruder could download the database of the forum containing user’s credentials.
Users have to set new passwords manually from the login menu
and following the “get a new password” instructions. Users using Github credentials should reset/refresh it.
“You should assume that your email address and handle have been disclosed. That means you may get phishing emails that include your name. DO NOT click links, but instead, manually type the URL of the forum as above.” states the advisory.
For the latest cyber threats and the latest hacking news please follow us on Facebook, Linkedin, and Twitter.
You may be interested in reading: How to Survive the COVID Time Cyber Security Threats?