The open source project OpenWRT, known for its firmware for routers, has reported a compromise. Last weekend (January 16, 2021), the forum administrator account (forum.openwrt.org) was hacked as a result of an attack. At the same time, it is emphasized that the wiki of the project, where the official download links are posted, has not been damaged.
“It is not known how access to the forum administrator account was obtained: the account had a good password, two-factor authentication was not active,” reads the message.
The OpenWRT team states that the attacker was unable to download a complete copy of the database, but downloaded a list of forum members that included usernames and email addresses. Although there were no passwords among the affected data, the OpenWRT administrators decided to play it safe and still reset all passwords and API keys. Now, when visiting the forum, users see a notification about the need to go through the password recovery procedure. This is a must even for those using OAuth tokens, these people need to re-sync their accounts.
OpenWRT warns that forum members may face phishing attacks in the near future. The danger is that the OpenWRT forum is frequented by developers from companies that make or sell routers and software that are compatible with OpenWRT. Thus, hacking the forum could be the first step towards attacks on the internal networks of these companies.