OpenWRT Project Community Investigating Data Breach
Open-Source Development Project Asking Members to Reset Passwords
OpenWRT, an open-source project that develops operating systems, firmware and other software for connected and embedded devices, is investigating a data breach after a hacker gained access to an administrator account over the weekend, according to posts on the project's message boards.
In a post, the OpenWRT administrators note the exact cause of the breach, which was discovered Saturday, is still being investigated.
"It is not known how the account was accessed: The account had a good password but did not have two-factor authentication enabled," according to the message board post.
The initial investigation showed that the hacker was able to download a community user list that contained email addresses, user handles and some statistical information about the community's users, according to the post.
The OpenWRT administrators stressed that the hacker was not able to download a full copy of the project's database. The message board post also notes that the threat actor did not gain access to the project's wiki, which contains links and instructions for installing firmware developed by the community.
Nevertheless, OpenWRT administrators are urging community members to manually reset passwords.
"Although we do not believe the intruder could download the database, from an abundance of caution, we are following the advice of the discourse community and have reset all passwords on the forum and flushed any API keys," according to the message board post.
Compromised email addresses might be used for phishing attacks directed against other members of the OpenWRT community, according to the message board post.
"You should assume that your email address and handle have been disclosed. That means you may get phishing emails that include your name. Do not click links, but instead manually type the URL of the forum [forum.openwrt.org] as above," the post states.
The OpenWRT administrators are also urging members to reset their GitHub accounts or OAuth keys if they used those to access the community forums and data.
Earlier this month, the U.S. Cybersecurity and Infrastructure Security Agency warned that attackers were increasingly targeting cloud services through a combination of phishing and brute-force attacks designed to compromise credentials and gain initial access to networks (see: CISA Warns of Surge in Attacks Targeting Cloud Services).
CISA also urged organizations to use two-factor authentication even though the agency found that hackers were able to bypass this security precaution in several cases.