On December 16, we were informed that an individual or group had recently obtained unauthorized access to a database from forum.ethereum.org. We promptly initiated a comprehensive investigation to determine the source, nature, and extent of this incident. Here is what we have discovered:
- The data that was recently accessed is a backup of the database from April 2016, containing details about 16.5k forum users.
- The information that was disclosed includes:
  - Messages, both public and private
  - IP addresses
  - Usernames and email addresses
  - Profile details
  - Hashed passwords:
    - ~13k bcrypt hashes (salted)
    - ~1.5k WordPress hashes (salted)
    - ~2k accounts with no password (these used federated login)
- The perpetrator disclosed that they are the same individual or individuals who recently breached Bo Shen.
- The attacker used social engineering to take control of a mobile phone number, which allowed them to gain access to other accounts, one of which held an older database backup from the forum.
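The breakdown of hash types above is the kind of triage a responder performs on a leaked password table. As an added illustration that is not part of this notice, the following classifies each stored password field by its on-disk format (bcrypt `$2a$`/`$2b$`/`$2y$`, WordPress phpass `$P$`/`$H$`, or empty for federated-login accounts) and reports the work factor each carries; the sample rows are constructed, not data from the breach.

```python
import re
from collections import Counter

# phpass encodes log2(iterations) as the 4th character, indexed into this
# alphabet. WordPress's default 'B' is index 13, i.e. 2**13 = 8192 MD5 rounds.
PHPASS_ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

# bcrypt: $2<variant>$<2-digit cost>$<22-char salt + 31-char hash>
BCRYPT_RE = re.compile(r"^\$2[aby]\$(\d{2})\$[./A-Za-z0-9]{53}$")
# phpass portable: $P$ or $H$, 1 count char, 8-char salt, 22-char hash
PHPASS_RE = re.compile(r"^\$[PH]\$([./A-Za-z0-9])[./A-Za-z0-9]{30}$")


def classify_hash(field):
    """Return (family, work_factor) for one stored password field.

    family is 'bcrypt', 'phpass', 'none' (no password stored, e.g. a
    federated-login account) or 'unknown'. work_factor is the bcrypt cost
    or the phpass iteration count; None where it does not apply.
    """
    if field is None or field.strip() == "":
        return ("none", None)
    m = BCRYPT_RE.match(field)
    if m:
        return ("bcrypt", int(m.group(1)))
    m = PHPASS_RE.match(field)
    if m:
        return ("phpass", 2 ** PHPASS_ITOA64.index(m.group(1)))
    return ("unknown", None)


def summarize(fields):
    """Count hash families across a dump, the way the notice breaks them down."""
    return Counter(classify_hash(f)[0] for f in fields)


# Constructed sample rows (synthetic values, not from any real dump).
SAMPLE_DUMP = [
    "$2a$10$" + "a" * 22 + "b" * 31,   # bcrypt, cost 10
    "$2y$12$" + "c" * 22 + "d" * 31,   # bcrypt, cost 12
    "$P$B" + "12345678" + "e" * 22,    # WordPress phpass, 8192 rounds
    "",                                 # federated login, no password
    None,                               # NULL column, also no password
]

if __name__ == "__main__":
    for row in SAMPLE_DUMP:
        print(repr(row)[:24], "->", classify_hash(row))
    print(summarize(SAMPLE_DUMP))
```

Only bcrypt entries benefit from a tunable cost; the phpass rounds and the absence of any stored secret for federated accounts are what make the per-family counts relevant to exposure.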
We are implementing the following measures:
- Users of the forum whose data may have been affected by the breach will receive an email with more information.
- We have secured the unauthorized access points involved in the breach.
- We are applying more stringent security protocols internally, such as eliminating recovery phone numbers from accounts and utilizing encryption for sensitive information.
- We will be supplying the email addresses that we believe were compromised to https://haveibeenpwned.com, a service that notifies affected users.
- We will be resetting all forum passwords, effective immediately.
If you were impacted by the breach, we suggest you take the following actions:
- Do not reuse passwords across different services. If you have used your forum.ethereum.org password elsewhere, please change it in those places.
In addition, we recommend this informative blog post by Kraken that offers valuable advice on how to safeguard against these types of breaches.
We sincerely apologize for this incident and are diligently working both internally and with external partners to rectify the situation.
Inquiries can be directed to security@ethereum.org.
