On December 16th, we learned that someone had recently gained unauthorized access to a database from forum.ethereum.org. We immediately began a thorough investigation to determine the origin, nature, and scope of this incident. Here’s what we know:
- The information that was accessed is a database backup from April 2016, which contains information on 16,500 forum users.
- The leaked information includes:
  - Public and private messages
  - IP addresses
  - Usernames and email addresses
  - Profile information
  - Hashed passwords:
    - ~13,000 bcrypt hashes (salted)
    - ~1.5k WordPress hashes (salted)
    - ~2,000 accounts without passwords (using federated login)
- The attacker self-identified as the same person who recently hacked Bo Shen.
- The attacker used social engineering to gain access to mobile phone numbers, which gave them access to other accounts, one of which had access to old database backups of the forum.
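The breakdown above distinguishes three kinds of credential records: salted bcrypt hashes, WordPress (phpass-style) hashes, and federated accounts with no local password. As an added illustration, not code from the Ethereum Foundation or the forum software, the following Python script shows how a defender triaging such a dump could classify each record by scheme and extract its work factor (bcrypt cost, or the phpass iteration exponent), so that notification can be prioritized for accounts whose hashes are cheapest to attack offline. The sample records, the `min_bcrypt_cost` threshold and the function names are constructed assumptions for this example.

```python
import re
from collections import Counter

# phpass encodes its iteration exponent as one character from this alphabet.
ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

# Modular crypt format: $2a$/$2b$/$2x$/$2y$, two-digit cost, 22-char salt + 31-char digest.
BCRYPT_RE = re.compile(r"^\$2[abxy]\$(\d{2})\$[./A-Za-z0-9]{53}$")
# WordPress portable hashes: $P$ or $H$, one iteration char, 8-char salt, 22-char digest.
PHPASS_RE = re.compile(r"^\$[PH]\$([./A-Za-z0-9])[./A-Za-z0-9]{8}[./A-Za-z0-9]{22}$")

# Constructed sample records (username, stored hash); not data from the actual breach.
SAMPLE_RECORDS = [
    ("alice", "$2b$12$" + "A" * 22 + "B" * 31),   # bcrypt, cost 12
    ("bob", "$2a$04$" + "C" * 22 + "D" * 31),     # bcrypt, very low cost 04
    ("carol", "$P$B" + "saltsalt" + "E" * 22),    # WordPress phpass, 2^13 iterations
    ("dave", ""),                                 # federated login, no local password
    ("erin", "5f4dcc3b5aa765d61d8327deb882cf99"), # unrecognized (looks like unsalted MD5)
]


def classify_hash(stored):
    """Return (scheme, log2_work) for one stored credential string.

    scheme is one of 'bcrypt', 'phpass', 'none' (federated, no password) or
    'unknown'; log2_work is the bcrypt cost or phpass iteration exponent, or
    None where the scheme carries no tunable work factor.
    """
    if stored == "":
        return ("none", None)
    m = BCRYPT_RE.match(stored)
    if m:
        return ("bcrypt", int(m.group(1)))
    m = PHPASS_RE.match(stored)
    if m:
        return ("phpass", ITOA64.index(m.group(1)))
    return ("unknown", None)


def triage(records, min_bcrypt_cost=10):
    """Count records per scheme and list users whose hashes deserve first attention.

    Priority goes to phpass and unknown formats (weaker than bcrypt) and to
    bcrypt hashes below the assumed minimum cost. Federated accounts have no
    password to crack and are not prioritized.
    """
    summary = Counter()
    priority = []
    for user, stored in records:
        scheme, work = classify_hash(stored)
        summary[scheme] += 1
        weak_bcrypt = scheme == "bcrypt" and work < min_bcrypt_cost
        if scheme in ("phpass", "unknown") or weak_bcrypt:
            priority.append(user)
    return summary, priority


if __name__ == "__main__":
    counts, first_wave = triage(SAMPLE_RECORDS)
    for scheme, n in sorted(counts.items()):
        print(f"{scheme:8s} {n}")
    print("notify first:", ", ".join(first_wave))
```

Because the advisory resets every forum password regardless, the triage only orders the notification work; it does not decide who gets reset. The regular expressions accept only the canonical lengths for each format, so a truncated or corrupted record falls into `unknown` rather than being misread as a strong hash.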
We are taking the following actions:
- Forum users whose information may have been compromised in the breach will receive an email with additional information.
- Unauthorized access points involved in the breach were shut down.
- We are implementing stricter security guidelines internally, including removing recovery phone numbers from accounts and using encryption for sensitive data.
- We are providing the email addresses that we believe were leaked to https://haveibeenpwned.com, a service that helps notify affected users.
- We are resetting all forum passwords, effective immediately.
If you were affected by this attack, we recommend that you:
- Avoid reusing passwords across services. If you reused your forum.ethereum.org password elsewhere, change it there.
Additionally, we recommend this blog post from Kraken, which provides useful information on how to protect against these types of attacks.
We deeply regret that this incident occurred and are working diligently, internally and with external partners, to resolve it.
Questions may be directed to security@ethereum.org.