19 January 21, 18:06
Quote:Users of the Linux-based open-source firmware—which include developers from commercial router companies–may be targeted by phishing campaigns, administrators warn.
The forum supporting the community for OpenWrt suffered a security breach over the weekend, giving hackers access to e-mail addresses, user handles and additional private forum user information.
Those that maintain the forum for the Linux-based open-source firmware said the forum was breached in the early hours of Saturday Jan. 16, though how attackers got in remains unknown, according to a security notice posted to the forum’s home page. While the account had “a good password,” administrators acknowledged that the forum did not enable two-factor authentication for its users.
“The intruder was able to download a copy of the user list that contains email addresses, handles, and other statistical information about the users of the forum,” according to the notice, which also was sent out via a mailing list to forum users. This means that users should assume that their email address and handle have been disclosed and “may get phishing emails that include your name,” administrators said.
The OpenWrt Project is a Linux operating system for embedded devices that provides “a fully writable filesystem with package management,” according to its home page. Its basic components are Linux, util-linux, musl and BusyBox, all of which have been designed specifically to suit the memory and storage available on home networking devices.
Read more: https://threatpost.com/attackers-e-mails...um/163136/