On December 16, we were made aware that someone had recently gained unauthorized access to a database from forum.ethereum.org. We immediately launched a thorough investigation to determine the origin, nature, and scope of this incident. Here’s what we know:
- The information that was recently accessed is a database backup from April 2016 and contained information about 16.5k forum users.
- The leaked information includes
  - Messages, both public and private
  - IP addresses
  - Usernames and email addresses
  - Profile information
  - Hashed passwords
    - ~13k bcrypt hashes (salted)
    - ~1.5k WordPress hashes (salted)
    - ~2k accounts without passwords (used federated login)
- The attacker self-disclosed that they are the same person/persons who recently hacked Bo Shen.
- The attacker used social engineering to gain access to a mobile phone number that allowed them to gain access to other accounts, one of which had access to an old database backup from the forum.
We are taking the following steps:
- Forum users whose information may have been compromised by the leak will be receiving an email with additional information.
- We have closed the unauthorized access points involved in the leak.
- We are implementing stricter security guidelines internally such as removing the recovery phone numbers from accounts and using encryption for sensitive data.
- We are providing the email addresses that we believe were leaked to https://haveibeenpwned.com, a service that helps communicate with affected users.
- We are resetting all forum passwords, effective immediately.
If you were affected by the attack we recommend you do the following:
- Ensure that your passwords are not reused between services. If you have reused your forum.ethereum.org password elsewhere, change it in those places.
Additionally, we recommend this excellent blog post by Kraken that provides useful information about how to protect against these types of attacks.
We deeply regret that this incident occurred and are working diligently internally, as well as with external partners, to address the incident.
Questions can be directed to security@ethereum.org.