OpenWrt is an open-source project for embedded operating systems based on Linux, primarily used on embedded devices to route network traffic. The main components are Linux, util-linux, musl, and BusyBox. All components have been optimized to be small enough to fit into the limited storage and memory available in home routers.
OpenWRT forum was compromised during the weekend and user data were stolen by intruders.
The administrators of the forum disclosed the data breach with an announcement published on the forum.
The attack took place on Saturday, around 04:00 (GMT), when threat actors compromised an administrator account and downloaded a copy of the list of users.
“Around 0400 GMT on 16 Jan 2021, an administrator account on the OpenWrt forum (https://forum.openwrt.org) was breached. It is not known how the account was accessed: the account had a good password, but did not have two-factor authentication enabled.” states the data breach notification published by the administrators of the forum. “The intruder was able to download a copy of the user list that contains email addresses, handles, and other statistical information about the users of the forum. Although we do not believe the intruder could download the database, from an abundance of caution, we are following the advice of the Discourse community and have reset all passwords on the Forum, and flushed any API keys.”
The list contains email addresses, handles, and other statistical information about the users of the forum. According to the announcement, the compromised account was using a “a good password,” but it was not using two-factor authentication (2FA).
Administrators do not believe the attackers have downloaded the database of the forum containing users’ credentials.
However, with an abundance of caution, forum administrators reset all passwords and flushed any API keys.
Users have to reset their password manually on https://forum.openwrt.org.
and following the “get a new password” instructions. If users use Github login/OAuth key, they should reset/refresh it.
The notice states that OpenWrt forum credentials are separate from OpenWrt Wiki (https://openwrt.org), this means that the data breach did not compromise Wiki credentials.
OpenWRT administrators warn of phishing attempts against forum users.
“You should assume that your email address and handle have been disclosed. That means you may get phishing emails that include your name. DO NOT click links, but instead manually type the URL of the forum as above.” states the advisory.
If you want to receive the weekly Security Affairs Newsletter for free subscribe here.
(SecurityAffairs – hacking, data breach)