Hackers breached the Q&A Site of Stack Overflow thus exposing Some User Data

Stack Overflow is one of largest site of question and answer for the programmers. It has confirmed that some user data has been accessed as a result of a breach.

Founded in the year 2008 by Joel Spolsky and Jeff Atwood, Stack Overflow is flagship site of Stack Exchange Network. Stack Overflow is highly popular among the professional as well as enthusiast programmers, as it has more than 50,000 thousand unique visitors and 10 thousand registered users every month.

The site of developer knowledge sharing confirmed on May 16, 2019, about a breach of their systems, which resulted in the unauthorized access to the production systems -- front-facing servers which actively power the site.

Mary Ferguson, the vice-president of engineering, said that "the intrusion originated on May 5 when a build deployed to the development tier for stackoverflow.com contained a bug, which allowed an attacker to log in to our development tier as well as escalate their access on the production version of stackoverflow.com".

Ferguson also said that the intruder contained its activities in between May 5, 2019, and May 11, 2019, just to exploration. After sitting quiet for almost a week, the hackers executed the privileged web requests and were successful in gaining access to a limited portion of data, which includes names, email address, and IP address - and that also for a few users. The intruder is successful in making a change to the system on May 11, 2019, so as to have privileged access on production.

Ferguson said that "this change was quickly identified and we revoked their access network-wide, began investigating the intrusion, and began taking steps to remediate the intrusion".

Khalid El Khatib, the spokesperson, said that around 250 public network users have been affected. Ferguson said that they will notify all the affected users.

As part of their security procedures for protecting the sensitive customer data, Stack Overflow maintains separate infrastructure as well as networks for the customers of their teams, business and the enterprise products. There is no evidence that suggest those systems have been accessed. Advertising as well as talent business of the company were also unaffected in this intrusion.

» SPAMfighter News - 6/5/2019