[NOTICE] Data Security Incident
This afternoon, I noticed some strange heavy load on our Postgres database. After some initial investigation, it was discovered that a server misconfiguration left our Postgres database open to the internet since late January 2018.
- Translation services (i18n.haiku-os.org)
  - Email addresses
  - Hashed passwords (old accounts sha1, newer accounts pbkdf2_sha256)
- Trac (dev.haiku-os.org)
  - Some emails (based on last session age)
  - We got extremely lucky that user passwords were not contained in the database for Trac.
We have notified every individual who was directly impacted via email on behalf of Haiku, Inc. to ensure they are aware of the situation and the data leak.
We immediately secured the open database access when it was discovered today. Going forward, we are going to define better security policies and push to deploy a VM for a QA test environment where our configurations can be security tested before deployment to production.
We are doing what we can to communicate this incident as clearly as possible to the public and impacted users to assist them in their password changes. Haiku’s system administration team is conducting a thorough review of the potentially affected systems, and will notify you if there are any significant developments.
As a reminder in this imperfect password-based world, some simple guidelines can help limit the scope of security incidents such as these:
We strongly recommend changing your password on the services impacted above, as well as changing your password on any other websites or services leveraging the same username/password combination.