Stack Overflow said hackers obtained private data for about 250 users after breaching the site and spending the next week escalating their access.
“While our overall user database was not compromised, we have identified privileged Web requests that the attacker made that could have returned IP address, names, or emails for a very small number of Stack Exchange users,” Mary Ferguson, Stack Overflow VP of Engineering, wrote in a blog post published Friday. “Our team is currently reviewing these logs and will be providing appropriate notifications to any users who are impacted.”
In an update, Ferguson said investigators now estimate the number at 250 public network users. Officials for the developer community site will notify those affected. The company first disclosed the breach on Thursday in a four-sentence post that said “some level of production access was gained on May 11."
In Fridays update, Ferguson said the intrusion started on May 5, when an attacker exploited a bug in a new build deployed to the development tier of stackoverflow.com. The access allowed the attacker to log into the development tier and then escalate access to a production version of the site. The attacker has since been removed from the network.
“Between May 5 and May 11, the intruder contained their activities to exploration,” Ferguson wrote. “On May 11, the intruder made a change to our system to grant themselves a privileged access on production. This change was quickly identified and we revoked their access network-wide, began investigating the intrusion, and began taking steps to remediate the intrusion.”
To minimize the damage hackers can do, Stack Overflow maintains separate systems for the sites Teams, Business, and Enterprise customers.Read More – Source