- The maintainers of OpenWRT, an open-source project that provides free and customizable firmware for home routers, have disclosed a security breach that took place over the weekend.
- “It is not known how the account was accessed: the account had a good password, but did not have two-factor authentication enabled.”
- No passwords were included in the downloaded data, but citing an “abundance of caution,” OpenWRT administrators have reset all forum user passwords and API keys.
- OpenWRT admins said that only forum user data appears to have been compromised for now. The OpenWRT wiki, which provides official download links and information about how users could install the firmware on various proprietary router models, was not breached, based on current evidence.
– Catalin Cimpanu | January 18, 2021