Follow

matrix.org have been pwned Vulnerabilities in the groovy plugin in , multiplied by the incorrect setting of the CI sandbox.

An attacker gained access to the servers hosting Matrix.org. The intruder had access to the production databases, potentially giving them access to unencrypted message data, password hashes and access tokens. As a precaution, if you're a matrix.org user you should change your password now.

crosspost from @matrix since their instance is currently down:

We’ve taken down the servers which host Matrix.org and Riot.im for emergency security maintenance - estimated downtime is several hours. More updates as we have them.

the security maintenance is to address issues with Matrix.org's production infrastructure. This is not a Synapse issue.

Sign in to participate in the conversation
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.