
Cryptocurrency miner installed on Ello via Cloudflare hack - dredmorbius
https://ello.co/noudio/post/m5nrhewciyh7i1ajzlvgrg
======
dredmorbius
This report comes by way of a comment to a user post. There's no clear
headline available, so I've supplied a descriptive one.

Ello engineer colinta writes:

 _Someone was able to access our Cloudflare account. This is bad bad very bad,
but as far as we can tell they did very little; they added a js.ello.co record
and pointed it to their own server, then they copied our React javascript code
and added their own mining code to it (not bitcoin, btw, they were mining for
"Monero", which I'm unfamiliar with). Then they added a 301 redirect rule to
serve their js file whenever our file was requested._

 _They could have done a lot more damage, for one they could have locked us
out of our account. It's really strange that they didn't, which indicates
maybe that they were using an API key (you can't change the password that
way)._

 _So we have now reset all of our passwords and API keys for everything that
Cloudflare touches, and we reached out to Cloudflare to see if they can give
us more information. We think that this hack started at ~11:30am mountain
time, and was on the site for ~4 hours._

The attack also seems to be making rounds, so folks might want to keep a close
eye on their own stacks.
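
A defender-side check for the tampering described in the post above, added here as an example and not part of the original thread or Ello's code: it audits a recorded fetch of a first-party script for redirects, unexpected serving hosts, and a body that no longer matches the build's hash. The asset path, the allowlist, the hop-record format and the script bodies are constructed assumptions; only the host names come from the post.

```python
import base64
import hashlib
from urllib.parse import urlsplit

# Hosts expected to serve first-party scripts (assumed allowlist).
ALLOWED_HOSTS = {"ello.co"}
REDIRECTS = (301, 302, 303, 307, 308)

def sri_sha384(body: bytes) -> str:
    """Subresource Integrity value (sha384) for a script body."""
    digest = hashlib.sha384(body).digest()
    return "sha384-" + base64.b64encode(digest).decode("ascii")

def audit_asset(hops, expected_sri, allowed_hosts=ALLOWED_HOSTS):
    """Audit one fetch of a script.

    hops: (url, status, location, body) tuples in the order a monitor
    followed them, with redirects followed manually (assumed format).
    Returns a list of findings; an empty list means the asset is intact.
    """
    findings = []
    for url, status, location, _body in hops:
        host = urlsplit(url).hostname or ""
        if host not in allowed_hosts:
            findings.append(f"served from unexpected host {host}")
        if status in REDIRECTS:
            findings.append(f"{url} redirects ({status}) to {location}")
    if sri_sha384(hops[-1][3]) != expected_sri:
        findings.append("final body does not match the build's SRI hash")
    return findings

# Constructed sample data: a stand-in bundle and a modified copy of it.
BUILD_JS = b"console.log('app bundle');"
MODIFIED_JS = BUILD_JS + b"\n/* appended third-party code */"
EXPECTED_SRI = sri_sha384(BUILD_JS)  # recorded at build time

CLEAN = [("https://ello.co/assets/app.js", 200, None, BUILD_JS)]
HIJACKED = [
    ("https://ello.co/assets/app.js", 301,
     "https://js.ello.co/assets/app.js", b""),
    ("https://js.ello.co/assets/app.js", 200, None, MODIFIED_JS),
]

if __name__ == "__main__":
    for name, hops in (("clean", CLEAN), ("hijacked", HIJACKED)):
        print(name, audit_asset(hops, EXPECTED_SRI))
```

The same `sha384-...` value can be placed in a script tag's `integrity` attribute so that browsers refuse a body that differs from the build.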

