
Matrix.org Got Hacked - miduil
https://twitter.com/matrixdotorg/status/1116304867683905537
======
miduil
What bugs me is this statement:

> Summary is: an attacker accessed the production infra that runs
> [matrix.org](http://matrix.org), hence the rebuild.
> Source code & packages are unaffected.

> We do not think user data was targeted, but are playing it safe.

They don't think "user data was targeted"? I mean, chat is super sensitive
information; how can you assume this?

What could have been the case is that their possibly vulnerable WordPress
instance got compromised?

I hope they had their Linux host properly secured. Judging by their
documentation on hosting, I don't see their strengths in hosting
infrastructure, but I don't know who is actually hosting this infrastructure.

[https://www.shodan.io/host/104.20.20.236](https://www.shodan.io/host/104.20.20.236)

[https://www.shodan.io/host/104.20.21.236](https://www.shodan.io/host/104.20.21.236)

PS: Kudos for their quick public communication, I hope there is going to be a
recap soon.

~~~
Arathorn
The reason we think that user data wasn't the target is based on looking at
the attacker's trail, which appears more focused on seeking additional
credentials rather than exfiltrating user data.

[https://matrix.org/blog/2019/04/11/security-incident/](https://matrix.org/blog/2019/04/11/security-incident/)
is a recap of the situation.

In other news,
[https://news.ycombinator.com/user?id=matrixdotorg](https://news.ycombinator.com/user?id=matrixdotorg)
isn't an official account for matrix.org, nor are they likely associated with
the project.

~~~
miduil
How/why do you refer to this account?

~~~
Arathorn
Because they commented on this thread impersonating Matrix.org, before some
kind of HN moderation mechanism kicked in and removed the comment entirely.

~~~
miduil
Oh, thank you for clarifying.

------
ddelt
I was wondering why I was receiving 404s and 500s all day.

