User data stolen from OpenWRT Forum leading to a database breach.
The OpenWrt Project is a Linux operating system targeting embedded devices.
In addition, it is an open-source project that provides free and customizable firmware for home routers.
Earlier this week, the community announced a security breach that took place.
According to the post, “Around 04:00 GMT on 16 Jan 2021, an administrator account on the OpenWrt forum (https[:]//forum.openwrt.org) was breached.
In addition, “It is not known how the account was accessed: the account had a good password, but did not have two-factor authentication enabled.”
An attacker gained access to the administrator account, downloaded a list of forum users containing
- email addresses
- and, other statistical information
Fortunately, the attacker was not able to download a full copy of its database.
On the other hand, OpenWrt maintainers are warning users to be cautious if they receive any emails leading to phishing attacks.
Certainly, The community recommended their users to follow the below steps:
- Reset your password (follow https : // forum .openwrt . org)
- Do not click a link, enter your user name, and follow the “get a new password” hint.
Also, OpenWrt apologized for the inconvenience caused by this attack.
We will provide updates if we learn any more about the attacker or information that was disclosed, they mentioned.