
On December 16 we were made aware of a security breach of a database of forum.ethereum.org. We immediately began an investigation to determine the origin, scope and nature of the incident. Here is what we know:
- The leaked data is a database backup from April 2016 and contains information about roughly 16,500 forum users.
- The leaked information includes:
  - Messages, public and private
  - IP addresses
  - Usernames and email addresses
  - Profile information
  - Hashed passwords (not encrypted; they cannot be reversed, but weak ones can be guessed offline):
    - ~13k bcrypt hashes (salted)
    - ~1.5k WordPress hashes (salted)
    - ~2k accounts with no password (federated login was used)
- The attacker claims to be the same person or group who recently hacked Bo Shen.
- The attacker used social engineering against a mobile phone number to gain access to other accounts. One of those accounts had access to the backup of the old forum database.
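Triaging a dump like the one described above starts with telling the password schemes apart, because a bcrypt row, a WordPress phpass row and an empty password column each mean something different for the affected user. The script below is an added example written for this page, not code from the Ethereum Foundation or the forum software; the rows and hash values are constructed to match each on-disk format and are not taken from the leaked database. It goes slightly beyond the post by also recognising unsalted MD5 (the scheme very old WordPress installs used) and by flagging bcrypt hashes with a low work factor, both of which deserve attention in a real dump.

```python
import re
from collections import Counter
from typing import Optional

# Recognisers for the on-disk formats named in the post.
#   bcrypt : "$2a$"/"$2b$"/"$2y$", two-digit cost, then 22-char salt + 31-char hash
#   phpass : WordPress portable hash ("$P$" or "$H$"), 1-char iteration code,
#            8-char salt, 22-char hash (salted, iterated MD5)
#   md5    : 32 hex chars, the unsalted scheme very old WordPress installs used
#            (not mentioned on the page; included so legacy rows are not miscounted)
BCRYPT_RE = re.compile(r"^\$2[abxy]\$(\d{2})\$[./A-Za-z0-9]{53}$")
PHPASS_RE = re.compile(r"^\$[PH]\$[./0-9A-Za-z]{31}$")
MD5_RE = re.compile(r"^[0-9a-f]{32}$")


def classify_hash(stored: Optional[str]) -> str:
    """Return the password scheme a stored value belongs to."""
    if stored is None or stored.strip() == "":
        return "none (federated login)"
    if BCRYPT_RE.match(stored):
        return "bcrypt (salted)"
    if PHPASS_RE.match(stored):
        return "wordpress phpass (salted)"
    if MD5_RE.match(stored.lower()):
        return "unsalted md5"
    return "unknown"


def bcrypt_cost(stored: str) -> Optional[int]:
    """Work factor of a bcrypt hash (2**cost rounds), or None if not bcrypt."""
    m = BCRYPT_RE.match(stored)
    return int(m.group(1)) if m else None


def tally(rows) -> Counter:
    """Count rows per scheme; rows are (username, stored_hash) pairs."""
    return Counter(classify_hash(h) for _, h in rows)


def weak_bcrypt(rows, min_cost: int = 10) -> list:
    """Usernames whose bcrypt hash uses a work factor below min_cost."""
    out = []
    for user, h in rows:
        if h is None:
            continue
        cost = bcrypt_cost(h)
        if cost is not None and cost < min_cost:
            out.append(user)
    return out


# Constructed sample values: they follow each format's shape but are made up.
BCRYPT_A = "$2y$10$" + "abcdefghijklmnopqrstuv" + "0123456789012345678901234567890"
BCRYPT_B = "$2a$04$" + "ABCDEFGHIJKLMNOPQRSTUV" + "zyxwvutsrqponmlkjihgfedcba98765"
PHPASS = "$P$B" + "saltsalt" + "abcdefghijklmnopqrstuv"
MD5 = "0123456789abcdef0123456789abcdef"

# Constructed (username, password_hash) rows standing in for a user-table dump.
SAMPLE_ROWS = [
    ("alice", BCRYPT_A),
    ("bob", BCRYPT_B),        # bcrypt with cost 4: cheap to brute-force
    ("carol", PHPASS),
    ("dave", ""),             # federated login, no local password
    ("erin", None),           # NULL column, same meaning
    ("frank", MD5),
    ("grace", "not-a-hash"),  # corrupted or unknown row
]

if __name__ == "__main__":
    for scheme, count in sorted(tally(SAMPLE_ROWS).items()):
        print(f"{count:5d}  {scheme}")
    print("low bcrypt work factor:", weak_bcrypt(SAMPLE_ROWS))
```

Run against a real export, the counts per scheme are what drives notification wording: bcrypt rows with a sane cost buy users time, phpass and unsalted MD5 rows should be treated as crackable, and rows with no local password still leak the email and profile data even though there is nothing to reset.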
Here is what we are doing:
- Forum users whose information was leaked will receive an email with more details.
- We have closed the leak points.
- We are enforcing stricter security practices internally, including removing recovery phone numbers from accounts and encrypting sensitive data.
- We are providing the email addresses we believe were leaked to https://haveibeenpwned.com, a service that helps notify affected users.
- We are resetting all forum passwords.
If you were affected by this attack, we recommend the following:
- Make sure you do not reuse passwords across services. If you used your forum.ethereum.org password anywhere else, change it there.
We also recommend this excellent Kraken blog post on how to protect yourself from these kinds of attacks.
We are deeply sorry for this incident and are working diligently, internally and with external partners, to remedy it.
Questions can be directed to security@ethereum.org.