
Security Alert (12/19/2016): Ethereum.org forum database compromised

On December 16, we became aware that someone had recently gained unauthorized access to a database from forum.ethereum.org. We immediately launched a thorough investigation to determine the origin, nature and scope of this incident. Here is what we know:

  • The information that was recently accessed is a database backup dated April 2016, which contains information about 16.5k forum users.
  • The leaked information includes:

    • Messages, both public and private
    • IP addresses
    • Usernames and email addresses
    • Profile information
    • Hashed passwords

      • ~13k bcrypt hashes (salted)
      • ~1.5k WordPress hashes (salted)
      • ~2k accounts without passwords (federated login used)

  • The attacker disclosed that he/she is the same person or persons who recently hacked Bo Shen.
  • The attacker used social engineering to gain access to mobile phone numbers, which allowed them to gain access to other accounts, one of which had access to old database backups from the forum.

We are taking the following steps:

  • Forum users whose information may have been affected by the leak will receive an email with additional information.
  • We have closed the unauthorized access points involved in the leak.
  • We are implementing strict security guidelines internally, such as removing recovery phone numbers from accounts and using encryption for sensitive data.
  • We are providing the email addresses that we believe were leaked to https://haveibeenpwned.com, a service that helps communicate with affected users.
  • We are resetting all forum passwords, effective immediately.

If you have been affected by the attack, we recommend that you do the following:

  • Make sure that your password is not reused between services. If you have reused your forum.ethereum.org password elsewhere, change it in those places.

Additionally, we recommend this excellent blog post by Kraken, which provides useful information on how to protect against these types of attacks.

We deeply regret that this incident occurred and are working diligently internally and with external partners to address it.

Questions can be directed to security@ethereum.org.
