Hacking attempt on central.owncloud.org


#1

EDIT: We talked to the attacker. No harm is done. Read the full story here: https://owncloud.org/news/owncloud-forum-hack-why-password-security-is-more-important-than-ever/

Dear users of central.owncloud.org,

Our community forum became the target of an attack. As a result, an intruder was able to determine the password of an admin account and downloaded a backup of the database by changing an email address. For security reasons, we had decided to take https://central.owncloud.org offline in order to avoid additional damage and to carry out a comprehensive security audit. We have reversed any changes and are now bringing this forum back online.

We kindly ask all users to immediately change their passwords on central.owncloud.org and on any other services where you used the same password. We also recommend activating 2-factor authentication if no authentication via GitHub or other login providers is active. If you have registered via GitHub, please enable 2-factor authentication there as well.

If you find any security issues, please report them to us on HackerOne: https://hackerone.com/owncloud

Through the attack, the attacker gained access to the following data:
Full name, e-mail address, hashed password and any other data you have entered in your profile. This does NOT mean that the attacker knows your password - he has a hashed version of it, but as a precaution for possible brute-force attacks please change it, here and on all other services where you might be using the same password.

ownCloud is currently in contact with the attacker and, until now, no intention to use the captured data has been identified.

What we have done so far:
We reviewed all logfiles and reconstructed the exact chronology of hacker actions.
No file changes were detected during this process. Furthermore, all files were reset to the time before the attack. In addition, an update to Discourse 2.0.0 (beta 9) has been made. The version also includes the latest security updates. All modifications to the configuration have been undone. The admin access has been reduced to the absolute minimum.

We kindly ask our users to carry out the above measures and assure you that ownCloud will do everything possible to ensure the security of your data.

Your ownCloud Team


Discourse's analysis of the ownCloud forum hack