The OpenWRT Project Reported a Data Leak For Users of Its Forum

The OpenWRT open source project team, which provides free customized firmware for home routers, reported a security incident last weekend.


According to a notification on the project's forum, on Saturday, January 16, around 16:00 GMT (19:00 Moscow time), attackers gained access to the forum administrator account. How they managed to do this is unknown. "The account had a strong password, but two-factor authentication was not enabled," the notice says.


Although the hackers were unable to download the entire OpenWRT forum database, they still copied the full list of forum members, including the names and email addresses they used. The passwords were not compromised. However, as a precautionary measure, the forum's administrators reset all user passwords and API keys, so the next time members log in to their accounts, they will need to go through the password recovery procedure. The same goes for those using OAuth: they will need to re-sync their accounts.


The OpenWRT team also warned users of a possible wave of phishing emails. While some may wonder why hackers would be interested in OpenWRT forum user accounts, it should be understood that the portal is often used by developers working for manufacturers of OpenWRT-compatible routers and software products.


Compromising an OpenWRT forum user account could be the first step in a supply chain attack. Having gained access to an account belonging to a developer, attackers can take further actions to gain access to the internal networks of the company that employs that developer.


According to the OpenWRT team, only the data of forum users was compromised. There was no evidence of a compromise on the OpenWrt Wiki platform, which provides official download links and instructions for users to install firmware on various router models.
