The OpenWRT forum announced Monday, January 18, 2021, that it had suffered from a cybersecurity attack over the weekend, with hackers gaining access to the personal information of users. OpenWRT is an open-source portal that provides individuals access to free customizable firmware, states ZD Net.
IT Pro reports that OpenWRT gets around 27,000 users and approximately 4,100 active users within the past month. It leverages Linux technology to extend its services and offers to its firmware designed for routers.
In its post, the administrators of the website state that the incident was discovered on Saturday, January 16, 2021, after the threat actor in question gained unauthorized access to the administrator account of the forum. The data breach reportedly took place around 16:00 GMT.
Despite disclosing the incident to the public, the administrators of the platform said that the cause behind the unauthorized access of the account is still unknown.
In a statement, the notification said, “It is not known how the account was accessed: the account had a good password, but did not have two factor authentication enabled.”
While the administrators behind the page believe that the hacker was unsuccessful in its attempts to download the full copy of the project’s whole database, it did acknowledge the ability of the hacker to download a copy of all the users of the forum.
Apart from this, the handlers of the OpenWRT community account states that the hacker did not gain access to the wiki page of the company.
ZD Net states that based on the current information made available to the administrators, it appears that the download links and instructions for firmware installment remain uncompromised.
According to Bank Info Security, the list of forum users include personal details about individuals. These include their email addresses as well as usernames. Meanwhile, the news site reports that some information also provided insight on statistical data regarding the users of the forum.
Given the situation, the handlers of the community account are urging the public, particularly its members, to change their passwords manually. They also warned of phishing attacks geared to emails included in the customer data mined, hence the manual input of passwords.
In talking about the security of the users, the message board statement read, “Although we do not believe the intruder could download the database, from an abundance of caution, we are following the advice of the discourse community and have reset all passwords on the forum and flushed any API keys.”
In addition to manually changing passwords, administrators are also urging their users to change their GitHub accounts and or OAuth keys if these were used within the OpenWRT community forum, states Bank Info Security.
