The OpenWRT community forum behind the router firmware open source project was breached last weekend.
User data has been stolen, something that was just announced by the administrator.
OpenWRT is an open source project that provides distributions Linux for embedded systems such as home routers. OpenWRT is therefore very often used in home routers. The project has its own forum to host its community.
Over the weekend, one hacker seems to have managed to hack into the administrator account and decrypt user data. user. The hack posted on the forum.
On Saturday January 16, 2021, an unauthorized person hacked into an OpenWRT forum administrator account. The account was not audit protected identity of two factors. The attacker was able to extract a copy of the user list, including email addresses, as well as other account data. At this time, it is unclear whether the attacker managed to copy the entire database. Forum administrators are asking users to reset passwords accessforum and change API keys (eg reset an OAuth key).