Security Advisory 2021-01-17-1 - OpenWrt forum break-in on 16-Jan-2021

Around 0400 GMT on 16 Jan 2021, an administrator account on the OpenWrt forum (https://forum.openwrt.org) was breached. It is not known how the account was accessed: the account had a good password, but did not have two-factor authentication enabled.

The intruder was able to download a copy of the user list that contains email addresses, handles, and other statistical information about the users of the forum. Although we do not believe the intruder could download the database, from an abundance of caution, we are following the advice of the Discourse community and have reset all passwords on the Forum, and flushed any API keys.

We apologize for the inconvenience caused by this attack. We will provide updates if we learn any more about the attacker or information that was disclosed.

A malicious attacker could send phishing emails to OpenWrt forum users that include their name / OpenWrt forum handle.

  1. You will need to reset your forum password by MANUALLY typing the following link without spaces: https : // forum . openwrt . org
    Enter your user name, and follow the “get a new password” hint.
  2. You should assume that your email address and handle have been disclosed. That means you may get phishing emails that include your name. DO NOT click links, but instead manually type the URL of the forum as above.
  3. If you use Github login/OAuth key, you should reset/refresh it.
  4. OpenWrt forum credentials are entirely independent of the OpenWrt Wiki (https://openwrt.org). There is no reason to believe there has been any compromise to the Wiki credentials.
  • @site-admins for reporting and issue analysis
This website uses cookies. By using the website, you agree with storing cookies on your computer. Also you acknowledge that you have read and understand our Privacy Policy. If you do not agree leave the website.More information about cookies
  • Last modified: 2021/01/17 19:57
  • by tmomas