Monday, September 21, 2020
Home NEWS Hackers breach Stack Overflow Q&A platform and compromise users’ data

Hackers breach Stack Overflow Q&A platform and compromise users’ data

Stack Overflow confirms hackers breached its systems; some users’ data compromised

Stack Overflow, a popular question and answer site for professional and tech programmers, recently confirmed that their systems were breached by hackers.

“Over the weekend, there was an attack on Stack Overflow. We have confirmed that some level of production access was gained on May 11,” wrote Mary Ferguson, Vice President of Engineering in a security update dated May 16.

“We discovered and investigated the extent of the access and are addressing all known vulnerabilities. We have not identified any breach of customer or user data.” Back then, Ferguson mentioned that an investigation into the breach was ongoing.

Further, on May 17, Ferguson posted another security update providing more insight on the investigation.

“The intrusion originated on May 5 when a build deployed to the development tier for stackoverflow.com contained a bug, which allowed an attacker to log in to our development tier as well as escalate their access on the production version of stackoverflow.com,” Ferguson wrote.

“Between May 5 and May 11, the intruder contained their activities to exploration. On May 11, the intruder made a change to our system to grant themselves a privileged access on production. This change was quickly identified and we revoked their access network-wide, began investigating the intrusion, and began taking steps to remediate the intrusion.”

While the company’s overall user database was not compromised, Ferguson said that attacker had made privileged web requests that could have returned an IP address, names, or emails of Stack Exchange users.

The company identified that the requests made by the attacker have affected approximately 250 public network users. While Stack plans to notify the affected users shortly, the company in the meanwhile is taking a number of steps as part of their response to the incident, which includes:

  • Terminating the unauthorized access to the system.
  • Conducting an extensive and detailed audit of all logs and databases that we maintain, allowing us to trace the steps and actions that were taken.
  • Remediating the original issues that allowed the unauthorized access and escalation, as well as any other potential vectors that we have found during the investigation.
  • Issuing a public statement proactively.
  • Engaging a third party forensics and incident response firm to assist us with both remediation and learnings.
  • Taking precautionary measures such as cycling secrets, resetting company passwords, and evaluating systems and security levels.

The company plans to provide more public information after the conclusion of their investigation cycle.

Founded in September 2008, Stack Overflow has over 50 million unique visitors each month with more than 10 million registered users on its site.

In December 2018, another popular Q&A platform, Quora, revealed that they suffered a data breach where 100 million of its user data was compromised that exposed account information such as names, email addresses and hashed password.

Leave a Reply

Most Popular

How To Create Windows 10 Bootable USB Using Media Creation Tool

How To Create Windows 10 Bootable USB Using Media Creation Tool You can either install Windows 10 to a new computer via DVD or...

How To Play PS3 and PS4 Games On PC (3 Methods)

How to play ps3 and ps4 games on PC Do you want to play PS3 and PS4 games on PC? Or you don’t have...

How To Fix Disk Errors In Windows 10 Computer

How To Fix Disk Errors In Windows 10 Computer Sometimes, we install some software on our computer which triggers BSOD errors. Recently, Windows users...

How to Lock Specific Apps in Windows 10

How to Lock Specific Apps in Windows 10 If you have a shared computer, or if your friends & family members occasionally use your...

Recent Comments

%d bloggers like this: