On December 16, we realized that someone had recently accessed a database from forum.ethereum.org. We immediately launched a thorough investigation to determine the origin, nature and scope of this incident. Here is what we know:
- The recently accessed data was a database backup from April 2016 and contained information on 16.5 thousand forum users.
- The leaked data includes:
  - Messages, both private and public
  - IP addresses
  - Usernames and email addresses
  - Profile information
  - Hashed passwords
    - ~13k bcrypt hashes (salted)
    - ~1.5k WordPress hashes (salted)
    - ~2k accounts without passwords (federated login used)
- The attacker self-disclosed that they are the same person/persons who recently hacked Bo Shen.
- The attacker used social engineering to gain access to a mobile phone number, which gave them access to other accounts, one of which had access to an old database backup from the forum.
We are taking the following steps:
- Forum users whose information may have been compromised by the leak will receive an email with additional information.
- We have shut down the unauthorized access points involved in the leak.
- Internally, we are enforcing stricter security guidelines, such as removing recovery phone numbers from accounts and using encryption for sensitive data.
- We are providing the email addresses we believe were leaked to https://haveibeenpwned.com, a service that helps communicate with affected users.
- We are resetting all forum passwords, effective immediately.
If you were affected by the attack, we recommend that you do the following:
- Make sure that your passwords are not reused between services. If you have reused your forum.ethereum.org password elsewhere, please change it there.
Additionally, we recommend this excellent blog post by Kraken, which provides useful information on how to protect against these types of attacks.
We deeply regret that this incident occurred and are working diligently internally, as well as with external partners, to resolve the incident.
Questions can be directed to security@ethereum.org.