After disclosing a breach earlier this week, Stack Overflow has confirmed some user information was accessed.
In case you missed it, the developer knowledge-sharing site confirmed Thursday a breach of its systems last weekend, leading to unauthorized access to production systems — the front-facing servers that actively power the website. The company gave few specifics, except that customer information was unaffected by the breach.
Now the company said the intrusion on the site began a week earlier and “a tiny amount” of users had some info exposed.
“The invasion originated May 5 when a build deployed to the development tier for stackoverflow.com contained a bug, which allowed a person to log in to our development tier as well as escalate their access on the production version of stackoverflow.com,” said Mary Ferguson, vice president of engineering.
“This shift was quickly identified and we revoked their access network-wide, started exploring the invasion, and began taking steps to remediate the intrusion,” she explained.
Though the user database wasn’t compromised, “we’ve identified privileged internet requests the attacker made that might have returned IP address, names, or emails” for many users.
The firm did not immediately quantify exactly how many users were affected. Stack Overflow has 10 million users. Spokesperson Khalid El Khatib stated “approximately 250 people community customers” were affected. Ferguson said users will be notified.
“Stack Overflow’s teams, business and business clients are on separate, unaffected infrastructure,” she stated, and there’s “no evidence” that these systems were accessed. The organization’s talent and advertising business is reportedly unaffected.
In response to this incident, the company terminated the unauthorized access and is now running an “extensive” audit of its own logs to assess the extent of access gained by the attacker.