Stack Overflow said hackers obtained non-public information for roughly 250 users after breaching the site and spending the following week escalating their access.
“While our overall user database was not compromised, we have identified privileged web requests that the attacker made that could have returned IP address, names, or emails for a very small number of Stack Exchange users,” Mary Ferguson, Stack Overflow VP of Engineering, wrote in a blog post published Friday. “Our team is currently reviewing these logs and will be providing appropriate notifications to any users who are impacted.”
In an update, Ferguson said investigators now estimate the number at 250 public network users. Officials for the developer community site will notify those affected. The company first disclosed the breach on Thursday in a four-sentence post that said “some level of production access was gained on May 11.”
In Friday’s update, Ferguson said the intrusion began on May 5, when an attacker exploited a bug in a new build deployed to the development tier of stackoverflow.com. The access allowed the attacker to log into the development tier and then escalate access to a production version of the site. The attacker has since been removed from the network.
“Between May 5 and May 11, the intruder contained their activities to exploration,” Ferguson wrote. “On May 11, the intruder made a change to our system to grant themselves a privileged access on production. This change was quickly identified and we revoked their access network-wide, began investigating the intrusion, and began taking steps to remediate the intrusion.”
To limit the damage hackers can do, Stack Overflow maintains separate systems for the site’s Teams, Business, and Enterprise customers. So far, investigators have found no evidence that these systems or the customer data belonging to them were accessed. The company’s advertising and talent businesses were also not affected, the VP said. Stack Overflow has about 10 million registered users.
Stack Overflow is now in the process of auditing all logs and databases in an attempt to trace the intruder’s steps. It has also fixed the original weaknesses that allowed the intrusion and escalation to occur. The company has retained a third-party forensics and incident response firm to assist in both remediation and analysis of systems and security levels. Ferguson said Stack Overflow will provide more information once the investigation concludes.