According to a recent disclosure by the company, Stack Overflow suffered a security incident. The site serves as a major Q/A platform for programmers and developers. The officials confirmed that the Stack Overflow data breach exposed some user records to the hackers.
Stack Overflow Data Breach Disclosed
As disclosed recently, the popular informative platform Stack Overflow suffered a cyber attack leading to users’ privacy being breached and confirmed the incident exposed user information to the attackers.
The officials first disclosed the security incident on May 16, 2019, in a security notice. As revealed at that time, they noticed an attack gaining ‘some level of production access’. They confirmed continuing with the investigations to bring up more details.
The next day, on May 17, 2019, another security notice uploaded on their website. It shared more details and confirmed the Stack Overflow data breach. As revealed, a bug allowed the attacker to intrude into the system.
The intrusion originated on May 5 when a build deployed to the development tier for stackoverflow.com contained a bug, which allowed an attacker to log in to our development tier as well as escalate their access on the production version of stackoverflow.com
The intrusion continued for about a week, and caught attention only on May 11, 2019, when the attackers attempted a modification.
Between May 5 and May 11, the intruder contained their activities to exploration. On May 11, the intruder made a change to our system to grant themselves a privileged access on production.
Security Measures Underway
Upon noticing the incident, the company quickly stopped the intrusion and began investigations. While Stack Overflow confirmed no unauthorized access to their database, the attackers could still impact some users.
We have identified privileged web requests that the attacker made that could have returned IP address, names, or emails for a very small number of Stack Exchange users.
As they have now progressed with the investigations, they confirm the incident affected some 250 users. They assured those concerned that they will be notifying the affected users of the matter.
Although the investigations still continue on their part, nonetheless they have taken the necessary steps to ensure network security. These include containment of unauthorized access, network and database audit, bug fixes, and involving third-party forensic team, and public disclosure of the matter.
Take your time to comment on this report.