This article was published on August 1, 2013

Opscode’s wiki and ticketing system compromised: Names, usernames, email addresses, and hashed passwords


Opscode’s wiki and ticketing system compromised: Names, usernames, email addresses, and hashed passwords

Cloud infrastructure automation startup Opscode today revealed its open-source Chef wiki and ticketing system have been compromised. Information that was leaked included full names, usernames, email addresses, and hashed passwords.

The good news is that Opscode doesn’t believe other systems were impacted or that other data was compromised, meaning users’ Hosted Chef data and accounts should be safe. That being said, the investigation is still ongoing.

In the meantime, the startup is offering the following advice to its users:

We believe these passwords are adequately secure (the software in question uses the PBKDF2 algorithm), but we will be forcing a password change on the ticketing and wiki systems. If you use this password on other systems, we suggest choosing a new password on those systems as well. We will also contact the affected users via email today.

Details of the attack are scarce, but Opscode did reveal that a vulnerability in an unnamed third-party software that runs its wiki and ticketing system was exploited to gain access to that particular system. The attacker managed to gain escalated privileges for the system and downloaded the user database for both the wiki and ticketing system.

Opscode was alerted of the breach via its security monitoring service, confirmed the unauthorized activity, and then took steps to terminate it, isolate the affected systems, and secure forensic data. Unfortunately, the root of the problem has yet to be addressed.

The <3 of EU tech

The latest rumblings from the EU tech scene, a story from our wise ol' founder Boris, and some questionable AI art. It's free, every week, in your inbox. Sign up now!

“We are working with our third party software providers to identify the vulnerability and apply the appropriate patches to the systems,” Opscode says. “We will provide additional details as they become available. We’re very sorry about this incident. We take security seriously and are addressing the incident as our top priority.”

We’ll keep you posted if we learn more, but for now it seems Opscode is doing everything it can to address the issue. If you haven’t changed all your passwords yet, you should do so immediately.

Top Image Credit: Dimitris Kritsotakis

Get the TNW newsletter

Get the most important tech news in your inbox each week.