The OpenWRT community forum behind the router firmware open source project was breached last weekend.
User data has been stolen, something that was just announced by the administrator.
OpenWRT is an open source project that provides Linux distributions for embedded systems such as home routers. OpenWRT is therefore very commonly used in home routers. The project has its own forum to host its community.
Over the weekend, a hacker appears to have hacked into an administrator account and decrypted user data. user. The hack posted on the forum.
On Saturday, January 16, 2021, an unauthorized person hacked into an Administrator account of the OpenWRT forum. The account was not protected by two-factor authentication. The attacker was able to extract a copy of the user list, including email addresses and other account data. At this time, it is not clear whether the attacker managed to copy the entire database. Forum administrators ask users to reset forum passwords and change API keys (eg reset an OAuth key).