
Matrix.org publishes timeline after security breach:

matrix.org/blog/2019/04/11/sec

– the attacker exploited vulnerabilities in Jenkins
– the attacker had full database access, including access to unencrypted content like private messages, password hashes, access tokens
– Matrix.org recommends changing your password (including NickServ password)

@infosechandbook
Matrix is such a mess. I've been using it for like a year and this is about the third MAJOR security problem they had. Avoid at all cost.

@aladar
I can't remember the other two. Could you refresh my memory?
@infosechandbook

@vbrandl
There's been bugs that destroyed rooms to the point of having to delete the entire history. I don't even know if they're fixed yet, since they were already old at the point I learned of them.
@infosechandbook


mastodon.at is a microblogging site that federates with most instances on the Fediverse.