[guardian-dev] ALERT: matrix.org compromised, change your IRC passwords

Abel Luck abel at guardianproject.info
Fri Apr 12 04:31:00 EDT 2019


Hey folks,

Matrix.org's infra has been hacked. It was down all day yesterday, back
up again this morning for a short time, then hacked again as the
attacker regained a foothold.

DO THESE THINGS:

* You need to change your matrix.org/riot password, but you can't do
this now as it is still offline
* If you re-used that password anywhere else, change it in all those
places (and use a password manager and don't reuse creds)
* If you used matrix as an IRC bridge into any irc networks, log on to
those irc networks using an irc client and change your password with
nickserv:  /msg nickserv set password NEWPASS

For those that want to follow this debacle:

T+0 Matrix.org goes down, and tweets about it
https://twitter.com/matrixdotorg/status/1116304867683905537

T+13h Matrix.org comes up, they post a blog post
https://web.archive.org/web/20190412000400/https://matrix.org/blog/2019/04/11/security-incident/

T+17h The attacker defaces the blog post with a teaser dump
https://web.archive.org/web/20190412055614/https://matrix.org/blog/2019/04/11/security-incident/

T+19h Matrix.org goes down again, and they tweet about it
https://twitter.com/matrixdotorg/status/1116593380102852608

T+20h Attacker starts opening [SECURITY] issues on the matrix.org github
repo (this is ongoing) quote: "As someone who is intimately familiar
with your entire infrastructure, I thought I could help you out."
https://github.com/matrix-org/matrix.org/issues

..and this happened just as I was finishing this email

T+21h Matrix.org is up again and they tweet about it (seems like the
matrix servers aren't back yet)
https://twitter.com/matrixdotorg/status/1116616382584475648

