The OpenWRT open-source project says someone used an administrator’s credentials to breach its forum and steal a list of user names, email addresses, and various other statistical data.
Forum data breaches are not uncommon, as threat actors take advantage of vulnerabilities or employ other methods to gain access. Unfortunately, one of those methods is to use valid credentials, which allows attackers to bypass protection measures and directly access the targeted resources.
The maintainers of OpenWRT discovered the intrusion on 16 Jan 2021 when someone used a forum administrator’s credentials to log in. It’s unclear how those credentials were leaked, and the team looking into the incident says that the password was strong. But, without two-factor authentication on that account, the attacker met no resistance.
“The intruder was able to download a copy of the user list that contains email addresses, handles, and other statistical information about the users of the forum,” said OpenWRT’s maintainers. “Although we do not believe the intruder could download the database, from an abundance of caution, we are following the advice of the Discourse community and have reset all passwords on the Forum, and flushed any API keys.”
As is customary, users have been advised to reset their passwords as soon as possible and assume email addresses and handles have been viewed.
The good news is that it seems that the download page and the links haven’t been compromised, which means OpenWRT users shouldn’t worry about corrupted images.
This incident shows that a strong password is not always enough. Supplemental security measures, such as multi-factor authentication, are needed, and even a complex, strong password is useless if it is reused on other services.
OpenWRT is an open-source project that provides users with custom images based on Linux for embedded devices such as routers.