Security Alert (December 19, 2016): The Ethereum.org forum database has been compromised.

adminJanuary 26, 2024

On December 16th, we learned that someone had recently gained unauthorized access to our database. forum.ethereum.org. We immediately began a thorough investigation to determine the origin, nature, and scope of this incident. Here’s what we know:

The most recently accessed information is from an April 2016 database backup, which contains information on 16,500 forum users.
The leaked information includes:
- Public and private messages
- IP address
- Username and email address
- Profile information
- Hashed Password
  - ~13,000bcrypt hashes (salted)
  - ~1.5k Wordpress hashes (salt)
  - ~2,000 accounts without passwords (using federated login)
The attacker identified himself as the criminal. Recently Hacked Bo Shen.
The attackers used social engineering to gain access to mobile phone numbers that gave them access to other accounts, one of which gave them access to old database backups of the forum.

We are taking the following actions:

Forum users whose information may have been compromised in the breach will receive an email with additional information.
Unauthorized access points involved in the breach were shut down.
We are implementing stricter security guidelines internally, including removing recovery phone numbers from accounts and using encryption for sensitive data.
We are providing email addresses that we believe have been leaked. https://haveibeenpwned.comThis is a service to help you communicate with affected users.
We are resetting all forum passwords, effective immediately.

If you have been affected by an attack, we recommend that you: