After disclosing a breach earlier this week, Stack Overflow has confirmed some user data was accessed.
In case you missed it, the developer knowledge-sharing website confirmed Thursday a breach of its systems last weekend, leading to unauthorized access to production systems — the front-facing servers that actively power the site. The company gave few details, except that customer data was unaffected by the breach.
Now the company said the intrusion on the website began about a week earlier and “a really small quantity” of users had some data exposed.
“The intrusion originated on May 5 when a build deployed to the development tier for stackoverflow.com contained a bug, which allowed an attacker to log in to our development tier in addition to escalate their access on the production version of stackoverflow.com,” said Mary Ferguson, vice president of engineering.
“This change was rapidly identified and we revoked their access network-wide, started investigating the intrusion, and started taking steps to remediate the intrusion,” she said.
Though the user database wasn’t compromised, “we have identified privileged web requests that the attacker made that might have returned IP address, names, or emails” for some users.
The company didn’t immediately quantify how many users were affected. Stack Overflow has 10 million registered users. We’ve asked for clarification, but spokesperson Khalid El Khatib didn’t immediately comment.
Affected users will be notified, said Ferguson.
Stack Overflow’s Teams, Business and Enterprise customers are on separate, unaffected infrastructure, she said, and there’s “no proof” that those systems were accessed. The company’s advertising and talent business is said to be unaffected.
In response to the incident, the company terminated the unauthorized access and is conducting an “in depth” audit of its logs to gauge the extent of access gained by the attacker.