The OpenWRT forum, a large community of people who prefer alternative open-source operating systems for routers, announced that fell victim to a breach data.
OpenWRT forum: A good password is not enough
Η cyber attack happened on Saturday. It is said that one unauthorized user gained access with administrator privileges and copied one list with data users of the forum but also relevant statistical information.
The attacker used the account of an administrator of the OpenWRT forum. This account had a “good code access ”, however the breach was possible as well two-factor authentication (2FA) was not enabled, a safety measure that helps a lot in such cases.
According to OpenWRT coordinators, the attacker stole addresses e-mail and usernames. However, it is believed that he could not lower the base data of the forum, which means that passwords are reasonably secure.
In any case, the managers decided to reset all passwords in the forum to be sure safe and canceled all API keys used for project development processes.
According to the OpenWRT forum instructions, users must manually enter the new password by going to the login menu and providing the name user their. Next, follow the instructions for "get a new password". Those who connect using GitHub credentials It is good to change their passwords there as well.
"This means that you may receive phishing emails containing your name. DO NOT click on links, but enter the forum URL manually instead", The announcement advises.
"We apologize for the inconvenience caused by this attack. We will provide updates if we learn more about the intruder or information which were revealed”- OpenWRT forum moderators.
A few facts about OpenWRT
The OpenWRT it is one Linux-based firmware project that it provides custom software for a wide range of routers. It is suitable for those who want to discover and unlock advanced options supported by their router.
Given the number of devices using custom firmware is smaller and emphasis is placed on security, attacks against them are fewer. In addition, if there is a problem, the updates and corrections are provided quickly.
Source: Bleeping Computer