The knowledge-sharing website Stack Overflow confirmed that its systems were hacked, with “a very small number” of users having some of their data exposed.
"The intrusion originated on May 5 when a build deployed to the development tier for stackoverflow.com contained a bug, which allowed an attacker to log in to our development tier as well as escalate their access on the production version of stackoverflow.com," explained Mary Ferguson, vice president of engineering for Stack Overflow.
"On May 11, the intruder made a change to our system to grant themselves privileged access on production. This change was quickly identified and we revoked their access network-wide, began investigating the intrusion, and began taking steps to remediate the intrusion."
Stack Overflow has around 10 million registered users, and Ferguson continued by saying that “approximately 250 public network users” were affected.
After gaining access to those accounts, the hackers were said to have escalated their access.
To minimize the damage from such an incident, Stack Overflow maintains separate systems for the site’s Teams, Business, and Enterprise customers. The separation is meant to contain a breach so that it does not affect different user roles.
Investigators have found no evidence that these systems or the customer data belonging to them were accessed. The company’s advertising and talent businesses were also not affected, the VP said.
Having realized that its systems were hacked, Stack Overflow is conducting "extensive" audits of all logs and its databases to trace the intruder’s steps and to gauge the level of access gained by the attacker. It has also fixed the original vulnerability that allowed the intrusion and escalation to happen in the first place.
The company has also received help from a third-party forensics and incident response firm with both remediation and the evaluation of its systems and security levels.
"While our overall user database was not compromised, we have identified privileged web requests that the attacker made that could have returned IP address, names, or emails for a very small number of Stack Exchange users," said Mary Ferguson.
Ferguson continued by saying that all affected users will be notified.
Stack Overflow is a question and answer site for professional and enthusiast programmers. First established in 2008 by Jeff Atwood and Joel Spolsky, the site features questions and answers on a wide range of topics in the field of computer programming.
With more than 50 million monthly active users who use the site to share code and knowledge, Stack Overflow is one of the top 40 most popular destinations on the web, according to internet analytics site Alexa.
The privately held flagship site of the Stack Exchange Network is supported by Marc Andreessen's venture capital firm Andreessen Horowitz and by Bezos Expeditions, Jeff Bezos' personal venture capital investment firm. It raised $40 million in its Series D funding round in 2015.