The OpenWRT forum, the community behind the open-source operating systems for routers disclosed a data breach. OpenWRT forum was compromised during the weekend and user data was stolen by intruders.
OpenWrt is an open-source project for embedded operating systems based on Linux, primarily used on embedded devices to route network traffic.
The administrators of the forum posted the announcement of the data breach on the OpenWrt forum (https://forum.openwrt.org).
The attack took place on Saturday, when the threat actors compromised an administrator account and downloaded a copy of the list of forum users. It is not known how the account was accessed.
The account used a good password, but the two-factor authentication was not enabled. The intruder was able to download a copy of the user list that contains email addresses, handles, and other statistical information about the users of the forum.
The moderators believe that the attacker was not able to download the forum database, so the passwords might be safe. However, as a precaution, they have reset all passwords on the Forum, and flushed any API keys.
All the users are required to reset their password manually on https://forum.openwrt.org. and following the “get a new password” instructions. Those users who use Github login/OAuth key, must reset/refresh it.
The notice also states that OpenWrt forum credentials are separate from OpenWrt Wiki (https://openwrt.org), and so the data breach must not have compromised Wiki credentials.
OpenWRT administrators advices the users to be aware of phishing attempts as their email addresses have been breached. Users must not click on any links, but instead type the URL of the forum manually.