Encrypted Messaging Project "Matrix" Suffers Extensive Cyber Attack
Hackers defaced Matrix's website, and also stole unencrypted private messages, password hashes, access tokens, as well as GPG keys the project maintainers used for signing packages.
The cyber attack eventually forced the organization to shut down its entire production infrastructure for several hours and log all users out of Matrix.org.
So, if you have an account with Matrix.org service and do not have backups of your encryption keys or were not using server-side encryption key backup, unfortunately, you will not be able to read your entire encrypted conversation history.
Matrix is an open source end-to-end encrypted messaging protocol that allows anyone to self-host a messaging service on their own servers, powering many instant messengers, VoIP, WebRTC, bots and IoT communication.
Vulnerable Jenkins Allowed Attackers to Access Server
According to a press release published today by Matrix Project, unknown attackers exploited a sandbox bypass vulnerability in its production infrastructure on 4th April that was running on an outdated, vulnerable version of Jenkins automation server.
The Jenkins flaw allowed attackers to steal internal SSH keys, which they used to access Matrix's production infrastructure, eventually granting them access to unencrypted content, including personal messages, password hashes, and access tokens.
 |
| Screenshot Credit: David on Twitter |
The next day, Matrix.org also took its home server down and started rebuilding its production infrastructure from scratch, which has now been back online
ليست هناك تعليقات