News

Hackers attacked the Matrix: committed assault on Matrix.org servers

Uncommercial organization Matrix.org became victim of cyberattack that forced it to rebuilt all organizational structure and notify users about data leaks.

Matrix.org is a developer of an open communication standard in real-time mode through IPs for messages and files exchange, voice – and video calls. List of platforms that use this standard include Riot, WeeChat, Nheko, Quaternion etc.

On Thursday, April 11 representatives of organization reported that cybercriminals got access to their servers. Intruders entered production databases that allowed them to steal unencrypted information from messages, password hashes and authorization tokens.

After an attack, Matrix.org could not restore its work for several hours and had to rise its infrastructure from the beginning. Incident touched sites, databases, media-repositories etc, however, Modular.im servers, initial codes and packets were not hurt.

Cyberattack was possible due to vulnerability in the outdated version of Jerkins server. With the help of CVE-2019-1003000, CVE-2019-1003001 and CVE-2019-1003002 cybercriminals stolen inner SSH-keys and with their help got access to infrastructure.

Jaikey Sarraff, safety researcher, informed Matrix.org about vulnerabilities on April 9. Next day organization’s engineers located them and established full scale of the attack. On April 10, Jenkins server that became a source of a problem was removed and criminals lost access to data base.

In 24 hours Matrix.org turned on its main server and started rebuilding its infrastructure. All Matrix.org users were “kicked off” their accounts and organization asked them to change passwords.

Source: matrix.org/blog

Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

View Comments

Recent Posts

Remove News-bfopeci.info pop-up ads (Virus Removal Guide)

News-bfopeci.info is a domain that tries to force you into subscribing to its browser notifications…

12 mins ago

Remove News-bfugaho.info pop-up ads (Virus Removal Guide)

News-bfugaho.info is a site that tries to force you into clik to its browser notifications…

13 mins ago

Remove News-bganise.info pop-up ads (Virus Removal Guide)

News-bganise.info is a domain that tries to trick you into clik to its browser notifications…

14 mins ago

Remove News-xhijupa pop-up ads (Virus Removal Guide)

News-xhijupa.com is a domain that tries to trick you into subscribing to its browser notifications…

16 mins ago

Remove News-xnicini.cc pop-up ads (Virus Removal Guide)

News-xnicini.cc is a domain that tries to trick you into subscribing to its browser notifications…

18 mins ago

Remove News-xpafema.cc pop-up ads (Virus Removal Guide)

News-xpafema.cc is a site that tries to trick you into subscribing to its browser notifications…

20 mins ago