Posted on January 20, 2021 at 4:02 AM
A recent report revealed that hackers compromised the OpenWRT forum, a popular open-source forum, and made off with statistical details and personal information.
As part of the attack on the forum, an administrator account was breached, although the moderators of the forum don’t know how the account was compromised.
The OpenWRT forum is aimed at users who are passionate about OpenWRT, an open-source Linux-based software that is used on embedded devices to direct network traffic.
Four administrators of the forum announced the compromise, describing the level of risk users face from the exposure of their data.
An administrator’s account compromised
The hacker seems to have succeeded in hacking the forum over the weekend by compromising the administrator’s account and stealing user data. One of the administrators of the forum said he posted the information about the hacking incident after receiving information on the same forum.
2FA authentication not active during attack
The hacking incident took place on Saturday evening (4: PM GMT), when an unauthorized person accessed and stole a list containing details of the forum users and their statistical information.
According to the information provided by the administrator, the threat actor used the account of an OpenWRT administrator. Even though the account was protected by a strong password, the threat actor was able to get in because additional two-factor authentication (2FA) was inactive at the time of the attack.
All passwords have been reset
The report reveals that the hackers were able to retrieve the handles and email addresses of the users. However, the moderators said the hackers didn’t download the forum’s database, which means that they were not able to steal users’ passwords.
The moderators added that to be on the safe side, all the passwords on the forum have been reset while the API keys used for project development have been invalidated.
The moderators have asked users to set their new passwords on the portal by clicking on “get new password instructions.” To complete the process, they have to provide their username and choose a new password.
Users who are logging in through their GitHub details are also asked to refresh or reset their passwords.
Since the OpenWRT forum credentials are separate from those of the Wiki, there is no suspicion that the Wiki credentials have been breached as well.
The statistics available on the site show that there have been 4,100 active users in the past 30 days, and about 27,000 registered users since the forum was launched.
Users could become phishing targets
Although many people may not understand why anyone would want to visit the OpenWRT forum, the platform is usually visited by developers who work for firms that set OpenWRT-compatible software or routers.
If an account is compromised on OpenWRT, it could lead to more attacks on the internal network of several software and hardware development companies. Once a user who is working for a software development company is compromised, the hacker could use it as an avenue to access the company’s server and launch further attacks.
That’s why the OpenWRT moderators are telling users to be very careful about responding to phishing emails.
The forum administrators have warned that users whose accounts have been exposed may become targets of phishing attacks, since the hackers now have their email addresses.
The moderators warn that users should not click on links in a message, even if the message includes their name. They should also not reach the forum by clicking on any link. According to the moderators, any user who wants to reach the forum should type its address manually into the address bar.
“We apologize for the inconvenience caused by this attack,” the moderators stated, adding that they will update users whenever they receive further information about the attack.
The OpenWRT forum is open to enthusiasts who are looking to unlock advanced options supported by their router.
Attacks against these types of software are usually rare because they only accommodate a small number of devices running custom malware.