Developers of the OpenWRT distribution notifying users about the hacking of the project forum ( forum.openwrt.org ). At about 7 am (MSK) on January 16, unknown attackers were able to gain access to the forum administrator account. How the account was compromised is not clear, it claims that a strong password was set, but two-factor authentication was not enabled.
During the attack, the attackers were able to download a list containing user parameters such as names, email and forum statistics. No direct evidence of a full user base leak was found, but as a precaution, all forum user passwords were reset and all API access keys cleared. It is noted that the forum operated separate from the openwrt.org Wiki site and did not overlap their databases.