The non-commercial organization Matrix.org fell victim to a cyberattack that forced it to rebuild its entire infrastructure and notify users about a data leak. Matrix.org develops an open standard for real-time communication over IP, covering message and file exchange as well as voice and video calls. Platforms that use this standard include Riot, WeeChat, Nheko, Quaternion, etc.
On Thursday, April 11, representatives of the organization reported that cybercriminals had gained access to its servers. The intruders got into production databases, which allowed them to steal unencrypted information from messages, password hashes and authorization tokens.
After the attack, Matrix.org could not restore service for several hours and had to rebuild its infrastructure from scratch. The incident affected websites, databases, media repositories, etc.; however, Modular.im servers, source code and packages were not affected.
The cyberattack was possible because of vulnerabilities in an outdated version of the Jenkins server. Using CVE-2019-1003000, CVE-2019-1003001 and CVE-2019-1003002, the cybercriminals stole internal SSH keys and used them to gain access to the infrastructure.
Jaikey Sarraf, a security researcher, informed Matrix.org about the vulnerabilities on April 9. The next day, the organization's engineers located them and established the full scale of the attack. On April 10, the Jenkins server that was the source of the problem was removed and the criminals lost access to the database.
After 24 hours, Matrix.org brought its main server back online and started rebuilding its infrastructure. All Matrix.org users were logged out of their accounts, and the organization asked them to change their passwords.