Ethereum Online Forum Passwords Hacked

According to a blog report at Ethereum, on December 16, Ethereum staff were made aware that someone had recently gained unauthorized access to a database from forum.ethereum.org and immediately launched a thorough investigation to determine the origin, nature, and scope of this incident.

Here is what they know:

  • The information that was recently accessed is a database backup from April 2016 and contained information about 16.5k forum users.
  • The leaked information includes
    • Messages, both public and private
    • IP-addresses
    • Username and email addresses
    • Profile information
    • Hashed passwords
      • ~13k bcrypt hashes (salted)
      • ~1.5k WordPress-hashes (salted)
      • ~2k accounts without passwords (used federated login)
  • The attacker self-disclosed that they are the same person/persons who recently hacked Bo Shen.
  • The attacker used social engineering to gain access to a mobile phone number that allowed them to gain access to other accounts, one of which had access to an old database backup from the forum.

They are taking the following steps:

  • Forum users whose information may have been compromised by the leak will be receiving an email with additional information.
  • They have closed the unauthorized access points involved in the leak.
  • They are enforcing stricter security guidelines internally such as removing the recovery phone numbers from accounts and using encryption for sensitive data.
  • They are providing the email addresses that they believe were leaked to https://haveibeenpwned.com, a service that helps communicate with affected users.
  • They are resetting all forum passwords, effective immediately.

If you’re affected by the attack, they recommend you do the following:

  • Ensure that your passwords are not reused between services. If you have reused your forum.ethereum.org password elsewhere, change it in those places.

Additionally, they recommend this excellent blog post by Kraken that provides useful information about how to protect against these types of attacks.

They deeply regret that this incident occurred and are working diligently internally, as well as with external partners to address the incident.

Questions can be directed to security@ethereum.org.

About Richard Kastelein

Founder of industry publication Blockchain News, partner at ICO services collective CryptoAsset Design Group (helped raise over $200m+), director of education company Blockchain Partners (Oracle Partner) and ICO event organiser at leading industry event CryptoFinancing (first ICO event in Europe) – Richard Kastelein is an award-winning publisher, innovation executive and entrepreneur. He sits on the advisory boards of half a dozen Blockchain startups and has written over 1200 articles on Blockchain technology and startups at Blockchain News and has also published pioneering articles on ICOs in Harvard Business Review and Venturebeat.
 
Kastelein has spoken (keynotes & panels) on Blockchain technology in Amsterdam, Antwerp, Barcelona, Beijing, Brussels, Bucharest, Dubai, Eindhoven, Gdansk, Groningen, the Hague, Helsinki, London, Manchester, Minsk, Nairobi, Nanchang, San Mateo, Shanghai, Tel Aviv and Venice. His network is global and extensive.
 
He is a Canadian (Dutch/Irish/English/Métis) whose writing career has ranged from the Canadian Native Press (Arctic) to the Caribbean & Europe. He’s written occasionally for Harvard Business Review, Wired, Venturebeat, The Guardian and Virgin.com and his work and ideas have been translated into Dutch, Greek, Polish, German and French.
 
A journalist by trade, an entrepreneur and adventurer at heart, Kastelein’s professional career has ranged from political publishing to TV technology, boatbuilding to judging startups, skippering yachts to marketing and more as he’s travelled for nearly 30 years as a Canadian expatriate living around the world.
 
In his 20s, he sailed around the world on small yachts and wrote a series of travel articles called “The Hitchhiker’s Guide to the Seas”, travelling by hitching rides on yachts (1989), in major travel and yachting publications. He currently lives in Groningen, Netherlands where he’s raising three teenage daughters with his wife and sailing partner, Wieke Beenen.

  • ted

    mickey mouse..