After disclosing a breach earlier this week, Stack Overflow has confirmed some user data was accessed.
In case you missed it, the developer knowledge-sharing website confirmed Thursday a breach of its systems last weekend, resulting in unauthorized access to production systems, the front-facing servers that actively power the site. The company gave few details, except that customer data was unaffected by the breach.
Now the company said the intrusion on the website began about a week earlier and “a very small number” of users had some data exposed.
“The intrusion originated on May 5 when a build deployed to the development tier for stackoverflow.com contained a bug, which allowed an attacker to log in to our development tier as well as escalate their access on the production version of stackoverflow.com,” said Mary Ferguson, vice president of engineering.
“This change was quickly identified and we revoked their access network-wide, began investigating the intrusion, and began taking steps to remediate the intrusion,” she said.
Although the user database wasn’t compromised, “we've identified privileged web requests that the attacker made that would have returned IP address, names, or emails” for some users.
The company didn’t immediately quantify how many users were affected. Stack Overflow has 10 million registered users. Spokesperson Khalid El Khatib said “roughly 250 public network users” were affected. Ferguson said affected users will be notified.
Stack Overflow’s teams, business and enterprise customers are on separate, unaffected infrastructure, she said, and there’s “no evidence” that these systems were accessed. The company’s advertising and talent business is said to be unaffected.
In response to the incident, the company terminated the unauthorized access and is conducting an “in depth” audit of its logs to gauge the level of access gained by the attacker.