Ethereum.org forum database hacked, information of 16.5k users likely compromised

Ethereum team has announced a security breach in which the hacker gained unauthorized access to a database from forum.ethereum.org.

A probe into the matter revealed that the information that was accessed is a database backup from April 2016, containing information about 16,500 forum users. The leaked information includes messages, both public and private; IP-addresses; username and email addresses; profile information; and hashed passwords (~13k bcrypt hashes (salted), ~1.5k WordPress-hashes (salted), ~2k accounts without passwords (used federated login)).

Ethereum Foundation media relations lead Hudson Jameson said that the attacker self-disclosed that they are the same person/persons who hacked prominent blockchain industry investor Bo Shen earlier this month.

“The attacker used social engineering to gain access to a mobile phone number that allowed them to gain access to other accounts, one of which had access to an old database backup from the forum”, Jameson added.

Ethereum team said that it has closed the unauthorized access points involved in the leak and is resetting all forum passwords. Forum users whose information may have been compromised will be receiving an email with additional information.

In addition, stricter security guidelines are being enforced internally such as removing the recovery phone numbers from accounts and using encryption for sensitive data.