The reason we think that user data wasn't the target is based on looking at the attacker's trail, which appears more focused on seeking additional credentials rather than exfiltrating user data.
because they commented on this thread impersonating Matrix.org, before some kind of HN moderation mechanism kicked in and removed the comment entirely.
> Summary is: an attacker accessed the production infra that runs matrix.org (http://matrix.org), hence the rebuild. Source code & packages are unaffected.
> We do not think user data was targeted, but are playing it safe.
They don't think "user data was targeted"? I mean, chat is super sensitive information, how can you assume this?
What could have been the case is that their possibly vulnerable WordPress instance got compromised?
I hope they had their Linux host properly secured. Judging by their documentation on hosting, I don't see their strengths in hosting infrastructure, but I don't know who is actually hosting this infrastructure.
https://www.shodan.io/host/104.20.20.236
https://www.shodan.io/host/104.20.21.236
PS: Kudos for their quick public communication. I hope there is going to be a recap soon.