“Over the weekend, there was an attack on Stack Overflow. We have confirmed that some level of production access was gained on May 11,” wrote Mary Ferguson, Vice President of Engineering, in a security update dated May 16. “We discovered and investigated the extent of the access and are addressing all known vulnerabilities. We have not identified any breach of customer or user data.” At the time, Ferguson said that an investigation into the breach was ongoing.

On May 17, Ferguson posted another security update providing more insight into the investigation. “The intrusion originated on May 5 when a build deployed to the development tier for stackoverflow.com contained a bug, which allowed an attacker to log in to our development tier as well as escalate their access on the production version of stackoverflow.com,” Ferguson wrote. “Between May 5 and May 11, the intruder contained their activities to exploration. On May 11, the intruder made a change to our system to grant themselves a privileged access on production. This change was quickly identified and we revoked their access network-wide, began investigating the intrusion, and began taking steps to remediate the intrusion.”

While the company’s overall user database was not compromised, Ferguson said that the attacker had made privileged web requests that could have returned an IP address, names, or emails of Stack Exchange users. The company determined that the requests made by the attacker affected approximately 250 public network users. Stack plans to notify the affected users shortly. In the meantime, the company is taking a number of steps as part of its response to the incident, which include:

- Terminating the unauthorized access to the system.
- Conducting an extensive and detailed audit of all logs and databases that we maintain, allowing us to trace the steps and actions that were taken.
- Remediating the original issues that allowed the unauthorized access and escalation, as well as any other potential vectors that we have found during the investigation.
- Issuing a public statement proactively.
- Engaging a third party forensics and incident response firm to assist us with both remediation and learnings.
- Taking precautionary measures such as cycling secrets, resetting company passwords, and evaluating systems and security levels.

The company plans to provide more public information after the conclusion of its investigation cycle.

Founded in September 2008, Stack Overflow has over 50 million unique visitors each month and more than 10 million registered users on its site. In December 2018, another popular Q&A platform, Quora, revealed that it had suffered a data breach in which the data of 100 million of its users was compromised, exposing account information such as names, email addresses and hashed passwords.