Developer knowledge sharing site Stack Overflow has confirmed hackers breached its systems, but said customer data is unaffected. Stack Overflow, founded in 2008, has more than 50 million monthly active users who use the site to share code and knowledge. It remains one of the top 50 most popular sites on the web, according to rankings by internet analytics site Alexa.
Update on Stack Overflows breach – Stack Overflow has confirmed that that approximately 250 public network users were affected and affected users will be notified.
— CybersecFill (@CybersecFill) May 18, 2019
Byron Rashed, VP of Marketing at Centripetal:
“Although credentials were not compromised, code can be used by cybercriminals to find backdoors into various platforms or inject malicious code that can create vulnerabilities (if not caught in QA). If code is placed in production with a vulnerability only known to the hacker, this could be a huge issue since some sharing of code and open source is used in commercial applications. We’ve seen various vulnerabilities in shared and open source codes such as SSL, SSH1, and SSH1, PHP and other protocols/platforms. Finding code-based vulnerabilities is not an easy task and if it’s an OS vulnerability, it’s a huge risk!”
Colin Bastable, CEO at Lucy Security:
“This looks like an attempt to build a database of developers to attack and potentially compromise their code, exploit their trusted relationships and build fake “advisory” relationships. Probably State sponsored and a logical point of attack. PII may not be the objective. “