Security News > 2021 > January > Attackers Steal E-Mails, Info from OpenWrt Forum

The forum supporting the community for OpenWrt suffered a security breach over the weekend, giving hackers access to e-mail addresses, user handles and additional private forum user information.

Those that maintain the forum for the Linux-based open-source firmware said the forum was breached in the early hours of Saturday Jan. 16, though how attackers got in remains unknown, according to a security notice posted to the forum's home page.

While the account had "a good password," administrators acknowledged that the forum did not enable two-factor authentication for its users.

While the breach of an open-source forum may not seem on the surface like such a big deal, the forum is often visited by those developing commercial routers, devices and software based on OpenWrt firmware.

Though those that maintain the forum do not believe that attackers accessed the OpenWrt database, they advised users of the community to reset all passwords, providing specific details in the security notice for the proper procedure to do so.

Since OpenWrt forum credentials are entirely independent of the OpenWrt Wiki that users access for information and updates about the platform, "There is no reason to believe there has been any compromise to the Wiki credentials," administrators said.

News URL

https://threatpost.com/attackers-e-mails-openwrt-forum/163136/