OpenWRT, an open-source project that offers free firmware for home routers, is the latest victim of a data breach. OpenWRT’s administrator forum has been reportedly accessed and breached, and the attackers have downloaded a copy of the users’ list that contained email addresses, handles, and other statistical information of the forum users.
Strong Password but no 2FA
While it is unknown how the attackers compromised the account, the forum administrators stated that the account had a strong password but did not have two-factor authentication (2FA). “Although we do not believe the intruder could download the database, from an abundance of caution, we are following the advice of the Discourse community and have reset all passwords on the Forum, and flushed any API keys,” the OpenWRT’s administrators said.
OpenWRT admins warned community users and impacted users to be vigilant of various phishing attacks. Besides, the admins suggested security measures, which include:
- Reset your password by manually typing the following link without spaces on https://forum. openwrt.org. Enter your username and follow the “get a new password”
- Assume that your email address and handle have been disclosed. That means you may get phishing emails that include your name. Don’t click links, but instead manually type the URL of the forum as above.
- If you use the Github login/OAuth key, you should reset/refresh it.
- OpenWrt forum credentials are entirely independent of the OpenWrt Wiki (https://openwrt.org). There is no reason to believe there has been any compromise to the Wiki credentials.
Knowledge, Possession, Identity
- With the surge in security breaches and digital fraud, data protection has never been more crucial. 2FA is gaining momentum, but it is more common than you think. It plays on three factors:
- Knowledge (something you know): A pin, password, or username.
- Possession (something you have): An ATM or debit card, phone, token, etc.
- Identity (something you are): Facial recognition, voice note, or fingerprint.
Take some time and make it harder for identity thieves!