Matrix.org publishes timeline after security breach:
https://matrix.org/blog/2019/04/11/security-incident/
– the attacker exploited vulnerabilities in Jenkins
– the attacker had full database access, including access to unencrypted content like private messages, password hashes, access tokens
– Matrix.org recommends changing your password (including NickServ password)
@infosechandbook Seems like #matrix is still #breached. matrix.org shows a manifesto.
@infosechandbook
Matrix is such a mess. I've been using it for like a year and this is about the third MAJOR security problem they had. Avoid at all cost.
@aladar
I can't remember the other two. Could you refresh my memory?
@infosechandbook
@vbrandl
There's been bugs that destroyed rooms to the point of having to delete the entire history, I don't even know if they're fixed yet since they were already old at the point I learned of them.
@infosechandbook
@infosechandbook Looks down again. :/