- It was discovered that the attackers retrieved different parts of user data in the breach.
- Stack Overflow has mentioned that around 250 public network users were affected.
In a new revelation, Stack Overflow has acknowledged that attackers made efforts to compromise user data after illegally gaining access to its production systems. In an update, Mary Ferguson, VP of Engineering at Stack Overflow, said that the actors made ‘privileged web requests’ to retrieve data such as IP addresses, names, or emails of certain users of its parent site, Stack Exchange.
- In the update, Ferguson mentions that a build meant for the development tier for the site had a bug which let attackers log into the tier and access the production version of stackoverflow.com. Attackers could also escalate their access due to this flaw.
- As a result, an attacker made a change to the production system to grant themselves privileged access. However, the Stack Overflow team took measures to prevent the attacker from spreading into their network.
- The attacker reportedly accessed the network on May 5 and carried out exploration activities till May 11. The privilege escalation was performed on May 11.
- Stack Overflow had earlier said that no customer data was accessed or impacted by the breach.
Certain users directly affected
Ferguson indicated that the attackers leveraged privilege escalation to obtain user data. “While our overall user database was not compromised, we have identified privileged web requests that the attacker made that could have returned IP address, names, or emails for a very small number of Stack Exchange users. Our team is currently reviewing these logs and will be providing appropriate notifications to any users who are impacted,” she said.
As of now, around 250 public network users have been affected. Stack Overflow has said that it has taken countermeasures to contain this incident.