On December 16, we were informed that someone had recently gained unauthorized access to a database of forum.ethereum.org. We immediately launched a thorough investigation to determine the origin, nature and scope of this incident. This is what we know:
- The newly accessed information is a database backup from April 2016 and contained information on 16,500 forum users.
- The leaked information includes:
  - Messages, both public and private
  - IP addresses
  - Usernames and email addresses
  - Profile information
  - Encrypted passwords:
    - ~13k bcrypt hashes (salted)
    - ~1.5k WordPress hashes (salted)
    - ~2k accounts without passwords (federated login used)
- The attacker revealed that they are the same person or persons who recently hacked Bo Shen.
- The attacker used social engineering to gain access to a mobile phone number that allowed him to access other accounts, one of which had access to a backup copy of the old forum database.
We are taking the following steps:
- Forum users whose information has been compromised by the leak will receive an email with additional information.
- We have closed the unauthorized access points involved in the leak.
- We are enforcing stricter security guidelines internally, such as removing recovery phone numbers from accounts and using encryption for sensitive data.
- We are providing the email addresses we believe were leaked to https://haveibeenpwned.com, a service that helps communicate with affected users.
- We are resetting all forum passwords, effective immediately.
If you were affected by the attack we recommend you do the following:
- Make sure your passwords are not reused between services. If you have reused your forum.ethereum.org password elsewhere, please change it there.
Additionally, we recommend this excellent Kraken blog post which provides useful information on how to protect yourself against these types of attacks.
We are deeply sorry that this incident occurred and we are working diligently internally as well as with external partners to address the incident.
Questions can be directed to [email protected].