Developer community Stack Overflow has confirmed that some of its user data has been accessed in the breach it suffered this month.
Originally Stack Overflow stated that they experienced an intrusion into its systems on May 11, but this has now been pushed back to May 5, the date it believes its systems were first accessed.
Mary Ferguson VP of Engineering at Stack Overflow confirmed in a security blog post that: “We have identified privileged web requests that the attacker made that could have returned IP address, names, or emails for a very small number of Stack Exchange users.”
Stack Overflow later confirmed that the web request went out to approximately 250 public networks. The company is working to inform all users who are affected by the breach and are continuing steps to contain the damage.
According to Stack Overflow the hacker gained access to their systems by exploiting a vulnerability in a build deployed to the development tier of stackoverflow.com. This bug allowed the hacker to log into the development tier of the platform and gave them the ability to upgrade their access privileges.
Following its investigation Stack Overflow has discovered that the hacker was just exploring and probing Stack Overflow’s internal systems until they decided to grant themselves privileged access to the production tier systems. The company notes that at this point they quickly identified the breach and “revoked their access network-wide, began investigating the intrusion.”
Ferguson commented that: “Our customers’ and users’ security is of the utmost importance to us. After we conclude our investigation cycle, we will provide more information.”
Stack Overflow
Stack Overflow was founded in 2008 and is one of the world’s largest online communities in which developers and coders congregate to share knowledge and job opportunities.
The site states that it has over 50 million unique visitors each month, while the platform itself has over ten million registered users.
Many of these visitors are coders looking for a detailed solution to a particular coding problem that may have been already solved and posted to the platform.
The platform works on a reputation points system to differentiate user level and their positive engagement with the platform. Upon contributing to a question they are reward with points and badges if they are deemed by the community to have given a valid solution to the problem.