It was reported last weekend that a production system of Stack Overflow, the developer knowledge-sharing and question-and-answer website, was breached, resulting in unauthorized access to the server that powers the website.
It was said last week that user data was not accessed, but Stack Overflow has since confirmed that some user data was breached. Mary Ferguson, VP of Engineering at Stack Overflow, announced this in a blog post.
“The intrusion originated on May 5 when a build deployed to the development tier for stackoverflow.com contained a bug, which allowed an attacker to log in to our development tier as well as escalate their access on the production version of stackoverflow.com,” said Mary Ferguson, vice president of engineering.
Stack Overflow’s teams, business and enterprise customers are on separate, unaffected infrastructure, she said, and there’s “no evidence” that those systems were accessed. The company’s advertising and talent business is said to be unaffected.
“This change was quickly identified and we revoked their access network-wide, began investigating the intrusion, and began taking steps to remediate the intrusion,” she said.
In the blog post, Mary Ferguson gave a security update and confirmed that the company has identified some web requests that could have returned the email addresses, IP addresses and names of users, but she also gave assurance that the overall user database was not compromised.
“While our overall user database was not compromised, we have identified privileged web requests that the attacker made that could have returned IP address, names, or emails for a very small number of Stack Exchange users. Our team is currently reviewing these logs and will be providing appropriate notifications to any users who are impacted,” she wrote.
The company has started auditing all logs and is also using third-party forensics help for the root cause analysis of the breach.
About Stack Overflow — What wiki says
Stack Overflow is a question and answer site for professional and enthusiast programmers. It is a privately held website, the flagship site of the Stack Exchange Network, created in 2008 by Jeff Atwood and Joel Spolsky. It features questions and answers on a wide range of topics in computer programming. It was created to be a more open alternative to earlier question and answer sites such as Experts-Exchange. The name for the website was chosen by voting in April 2008 by readers of Coding Horror, Atwood’s popular programming blog.
The website serves as a platform for users to ask and answer questions, and, through membership and active participation, to vote questions and answers up or down and edit questions and answers in a fashion similar to a wiki or Digg. Users of Stack Overflow can earn reputation points and “badges”; for example, a person is awarded 10 reputation points for receiving an “up” vote on an answer given to a question and 5 points for the “up” vote of a question, and can receive badges for their valued contributions, which represents a kind of gamification of the traditional Q&A site. Users unlock new privileges with an increase in reputation like the ability to vote, comment, and even edit other people’s posts. All user-generated content is licensed under a Creative Commons Attribution-ShareAlike license.