The Ethereum.org forums were breached by unknown assailants a few days ago. The Ethereum team was made aware of this event on December 16 and launched an investigation. So far, it appears the database backup from April 2016 has been leaked, containing information of 16,500 users. This includes IP addresses, email addresses, and hashed passwords.
Ethereum.org Forum Database Hacked
The year 2016 is quickly becoming the year of data breaches and hacks. Unfortunately, that streak extends to the cryptocurrency world as well. The Ethereum.org forums were breached a few days ago, as someone gained unauthorized access to the April 2016 database. As a result of this breach, thousands of user accounts are affected, and sensitive information has been leaked.
Thankfully, the forum does not store passwords in plaintext, as many other platforms do. All passwords are hashed, and most of them are salted as well. However, the assailant also obtained email addresses, public and private messages, and IP addresses. Users are advised to change their password immediately for the Ethereum.org forum, as well as for any other place where they use the same password.
Interestingly enough, the person responsible for this hack claims to be the same one who hacked investor Bo Shen not too long ago. As a result of that hack, a lot of Ethereum and Augur REP tokens were dumped on the markets, driving the price of both currencies down. Neither market has fully recovered since that dump took place.
As one would expect, the assailant used social engineering to access a mobile phone number, allowing them to gain access to forum accounts. One of these accounts had access to the April 2016 backup, which has now been entirely compromised. The Ethereum forum team will alert all affected users via email to clarify the situation.
Additionally, the unauthorized account access points abused during the hack have been sealed off. Stricter security measures will be enforced from now on, including the removal of recovery phone numbers. All forum passwords have been reset immediately, and those who have not changed their password yet should do so as soon as possible.
It seems evident the Ethereum ecosystem is under constant threat from someone who wants to see the project crumble to bits. Unfortunately, it is not difficult to exploit weaknesses in any third-party cryptocurrency-related system, as this hack demonstrates. Ethereum itself is not affected by this hack, which is the most important thing.