[guardian-dev] ALERT: matrix.org compromised, change your IRC passwords
Abel Luck
abel at guardianproject.info
Fri Apr 12 04:31:00 EDT 2019
Hey folks,
Matrix.org's infra has been hacked. It was down all day yesterday, back
up again this morning for a short time, then hacked again as the
attacker regained a foothold.
DO THESE THINGS:
* You need to change your matrix.org/riot password, but you can't do
this now as it is still offline
* If you re-used that password anywhere else, change it in all those
places (and use a password manager and don't reuse creds)
* If you used matrix as an IRC bridge into any irc networks, log on to
those irc networks using an irc client and change your password with
nickserv: /msg nickserv set password NEWPASS
For those that want to follow this debacle:
T+0 Matrix.org goes down, and tweets about it
https://twitter.com/matrixdotorg/status/1116304867683905537
T+13h Matrix.org comes up, they post a blog post
https://web.archive.org/web/20190412000400/https://matrix.org/blog/2019/04/11/security-incident/
T+17h The attacker defaces the blog post with a teaser dump
https://web.archive.org/web/20190412055614/https://matrix.org/blog/2019/04/11/security-incident/
T+19h Matrix.org goes down again, and they tweet about it
https://twitter.com/matrixdotorg/status/1116593380102852608
T+20h Attacker starts opening [SECURITY] issues on the matrix.org github
repo (this is ongoing) quote: "As someone who is intimately familiar
with your entire infrastructure, I thought I could help you out."
https://github.com/matrix-org/matrix.org/issues
...and this happened just as I was finishing this email
T+21h Matrix.org is up again and they tweet about it (seems like the
matrix servers aren't back yet)
https://twitter.com/matrixdotorg/status/1116616382584475648