The hacking of Stack Overflow is still under investigation, and the official blog reveals the latest developments in the investigation. The intrusion actually took place on May 5, when the build of the development tier deployed to stackoverflow.com contained an error that allowed the attacker to log in to the development tier and upgrade their access rights on the production version of the site.
The hacker sneaked into the system and explored it for at least five days without being discovered until May 11. “Between May 5 and May 11, the intruder contained their activities to exploration. On May 11, the intruder made a change to our system to grant themselves a privileged access on production. This change was quickly identified and we revoked their access network-wide, began investigating the intrusion, and began taking steps to remediate the intrusion. ”
The investigation revealed that the overall user database was not compromised and that the privileged web requests made by the attacker have been determined, and that these requests returned the IP address, name, or email of approximately 250 Stack Exchange users. Affected users will soon receive official notifications.
The Stack Overflow team stated that it would take the following actions for this security incident:
- Terminating the unauthorized access to the system
- Conducting an extensive and detailed audit of all logs and databases that we maintain, allowing us to trace the steps and actions that were taken
- Remediating the original issues that allowed the unauthorized access and escalation, as well as any other potential vectors that we have found during the investigation
- Issuing a public statement proactively
- Engaging a third party forensics and incident response firm to assist us with both remediation and learnings
- Taking precautionary measures such as cycling secrets, resetting company passwords, and evaluating systems and security levels
The investigation of the incident is still not over, and Stack Overflow will continue to publish more information.