Stack Overflow officials confirm data breach, claim that no customer data affected
In the official announcement, representatives of the famous Stack Overflow site announced about the recently discovered attack which helped hackers to access the site's production systems. Officials have also said that no customer data was accessed during this incident. The Internet's largest Q&A site for programmers and web developers disclosed the breach in Security Update post yesterday, May 16, 2019. As Mary Ferguson, VP of Engineering at Stack Overflow claims, the events are really fresh:
Over the weekend, there was an attack on Stack Overflow. We have confirmed that some level of production access was gained on May 11.
The investigation is still in the process, and there is still no particular information on how the hacker got access to the internal system nor for how long the security flaw was exploited. According to the company, users data was not accessed, but there is still a possibility that investigation reveals otherwise. More information should be posted after the completed investigation, as Ferguson said.
All known flaws have been patched by the company
During the attack, hackers accessed the internal network that included production systems. Although there is no information about the particular method the attacker used to gain access to the system, the company patched all known flaws immediately after discovering the breach to be sure about the further attacks. The incident was discovered internally, so there is no information about the danger for data regarding customers.
Our customers’ and users’ security is of the utmost importance to us. After we conclude our investigation cycle, we will provide more information.
Stack Overflow was started back in 2008, and it grew into a big community with more than 10 millions users. The platform is available in many different languages, including Japanese, Spanish, Russian, and English. More than 50 million visitors access the website every month. Problem-solving, Q&A website helps people to find jobs, solve issues, and develop skills. The page remains one of the 50 most popular sites on the internet, based on the list of the top 500 sites.
Not the first Q&A site announcing the security incident in the past year
Back in December 2018, another Q&A platform, Quora announced about a security incident. During the time, the company admitted that hacker got access to details of more than 100 million users. The breach exposed users' account information, including passwords, emails, and private messages.
Having in mind that such incidents can lead to more harmful issues, especially when sensitive information like full names, banking credentials, and similar data is breached, people should be careful with data they enter. Fortunately, none of Q&A platforms require sensitive information, preventing identity theft or further privacy issues.
Various personal details leaked in such data breach incidents or stolen from people directly during scams and fake survey campaigns can be used in numerous ways. Victims can face financial losses or identity thefts by falling for emails scams misusing their stolen information. Additionally, cybercriminals can try to make users pay ransoms by claiming that their personal information like email addresses, passwords or full names will be revealed online.