On December 19, 2016, a notice appeared on the Ethereum Project's official blog, warning that the ethereum.org forum had been compromised by unknown attackers.
The administration learned about the data leak on December 16, 2016. The first results of the investigation paint the following picture.
The information stolen by the hackers is a backup of the forum database dated April 2016. The backup contained the data of 16,500 forum users. The data that fell into the hackers' hands included user names, email addresses, IP addresses, messages (both public and private), and password hashes. Around 13,000 of the passwords were stored as salted bcrypt hashes, and about 1,500 more as salted WordPress hashes. Approximately 2,000 accounts had no password at all and used federated login.
The forum's administration reports that the compromise and the hackers behind it are somehow connected with the recent hacking of the well-known cryptocurrency investor Bo Shen, from whom 300,000 dollars had been stolen earlier this month, an incident that led to significant fluctuations in the Augur (REP) and Ether (ETH) exchange rates. As in Shen's case, the attackers used social engineering to take over the mobile phone number of one of the administrators, which gave them access to the forum backup and to other accounts.
Ethereum Project management has provided the data on the compromised users to the breach-notification service Have I Been Pwned, so you can check your account there (the data will be added to its database on December 21). In addition, the forum administration has forced a full password reset for all users and has removed the option of adding a phone number to a profile for account recovery, to prevent further attacks of this kind.