Stack overflow, the internet’s largest Q&A site for programming and development-related topics, has disclosed a security breach.
The company announced on Thursday that it has discovered unauthorized access to its production systems over the weekend.
The company immediately launched an investigation. At this time the company did not share technical details about the intrusion, it only revealed that has found no evidence that customer or user data was compromised.
Stack overflow said that hackers gained access to its internal network.
“Over the weekend, there was an attack on Stack Overflow,” said Mary Ferguson, VP of Engineering at Stack Overflow.
“We have confirmed that some level of production access was gained on May 11. We discovered and investigated the extent of the access and are addressing all known vulnerabilities.”
Stack Overflow was founded in 2008, and it has more than 10 million registered users, it is considered a trusted source for developer trends, it is one of the leading question & answer platforms for programmers.
Earlier, the breach was confirmed but it was not confirmed if there was any evidence that the hackers accessed customer’s account or users data. However, the updated announcement now says hackers executed privileged web requests, but were able to gain access to a very small portion of data, including IP address, names, and email address—and that for only a small number of users.
Mary Ferguson said in a post on Stack Overflow that “We can now confirm that our investigation suggests the requests in question affected approximately 250 public network users. Affected users will be notified by us.”
“Our team has taken, and continues to take, a number of steps as part of our response to this incident, including: ”
Terminating the unauthorized access to the system
- Conducting an extensive and detailed audit of all logs and databases that we maintain, allowing us to trace the steps and actions that were taken
- Remediating the original issues that allowed the unauthorized access and escalation, as well as any other potential vectors that we have found during the investigation
- Issuing a public statement proactively
- Engaging a third party forensics and incident response firm to assist us with both remediation and learnings
- Taking precautionary measures such as cycling secrets, resetting company passwords, and evaluating systems and security levels
Mary Ferguson said they will be providing more public information after our investigation cycle concludes.