Stack Overflow hacker went undetected for a week

May 17, 2019

Stack Overflow now says hacker might have also accessed user data.

The hacker who breached Stack Overflow last week managed to access data on user accounts, the company said today in an update on its investigation into a security breach it disclosed last night.

The update sheds some light on what happened on the company’s servers last week, after Stack Overflow left many users scratching their heads when it posted a very short message on Thursday announcing a severe breach of its production systems.

While it initially said that there was no evidence of the hacker accessing user data, the company changed its statement today.

“While our overall user database was not compromised, we have identified privileged web requests that the attacker made that could have returned an IP address, names, or emails for a very small number of Stack Exchange users,” said Mary Ferguson, VP of Engineering at Stack Overflow.

The exec said the company is now reviewing log files to determine which users were impacted by the hacker’s scans. Users found to have had their info viewed or collected by the hacker will receive a notification, she said.

HACKER WAS UNDETECTED FOR DAYS

Ferguson also corrected the breach’s timeline: the intrusion started a week before Stack Overflow thought it did.

“The intrusion originated on May 5 when a build deployed to the development tier for stackoverflow.com contained a bug, which allowed an attacker to log in to our development tier as well as escalate their access on the production version of stackoverflow.com,” Ferguson said.

“Between May 5 and May 11, the intruder contained their activities to exploration,” the Stack Overflow exec said, highlighting the reason why the company did not detect the intrusion.

“On May 11, the intruder made a change to our system to grant themselves privileged access on production. This change was quickly identified and we revoked their access network-wide, began investigating the intrusion, and began taking steps to remediate the intrusion.”

Stack Overflow said it terminated the hacker’s access to its network and is now working with a forensics firm to audit its logs and trace the intruder’s actions on its servers.

The company said the investigation is still ongoing and more updates will follow.
