OpenWrt, an open-source project that provides accessible, publicly licensed firmware that users can manipulate and modify, disclosed a breach occurring on January 16th, 2021. The breach involved a third-party user accessing an administrator’s account on the OpenWRT forum.
According to a statement released on the forum, entitled “Security notice – Site break-in on 16-Jan-2021”, “The intruder was able to download a copy of the user list that contains email addresses, handles, and other statistical information about the users of the forum.” The notice posits that the method of breaching is unknown, noting that the account had a good password, but lacked proper two-factor authentication protection.
Though the attacker was not able to download the OpenWrt database, the admins have reset all the passwords on the forum and flushed API keys, which are unique identifiers used to authenticate specific individual users. The statement provides users with a link in which they must manually reset their password. They also urge users to operate under the assumption that their email addresses and handles have been disclosed.
The statement warns that users with exposed email addresses will likely be indicated with phishing emails that will appear to be from the OpenWrt domain. “You may get phishing emails that include your name. DO NOT click links, but instead manually type the URL of the forum as above.”
The message concludes by apologizing to the community for any inconvenience the breach may have caused users. It also promises to update everyone, should more information come out about either the attacker or breached information.