Stack Overflow mentioned hackers obtained private information for about 250 customers immediately after breaching the web-site and spending the subsequent week escalating their access.
“While our general user database was not compromised, we have identified privileged Internet requests that the attacker produced that could have returned IP address, names, or emails for a quite smaller quantity of Stack Exchange customers,” Mary Ferguson, Stack Overflow VP of Engineering, wrote in a weblog post published Friday. “Our group is at the moment reviewing these logs and will be offering proper notifications to any customers who are impacted.”
In an update, Ferguson mentioned investigators now estimate the quantity at 250 public network customers. Officials for the developer neighborhood web-site will notify these impacted. The firm very first disclosed the breach on Thursday in a 4-sentence post that mentioned “some level of production access was gained on May perhaps 11.”
In Friday’s update, Ferguson mentioned the intrusion began on May perhaps five, when an attacker exploited a bug in a new make deployed to the improvement tier of stackoverflow.com. The access permitted the attacker to log into the improvement tier and then escalate access to a production version of the web-site. The attacker has considering the fact that been removed from the network.
“Between May perhaps five and May perhaps 11, the intruder contained their activities to exploration,” Ferguson wrote. “On May perhaps 11, the intruder produced a alter to our technique to grant themselves a privileged access on production. This alter was promptly identified and we revoked their access network-wide, started investigating the intrusion, and started taking actions to remediate the intrusion.”
To lessen the harm hackers can do, Stack Overflow maintains separate systems for the site’s Teams, Small business, and Enterprise clients. So far, investigators have identified no proof that these systems or the client information belonging to them have been access. The company’s marketing and talent corporations have been also not impacted, the VP mentioned. Stack Overflow has about 10 million registered customers.
Stack Overflow is now in the approach of auditing all logs and databases in an try to trace the intruder’s actions. It has also fixed the original weaknesses that permitted the intrusion and escalation to take place. The firm has retained a third-celebration forensics and incident response firm to help in each remediation and evaluation of systems and safety levels. Ferguson mentioned Stack Overflow will offer additional information and facts after the investigation concludes.