Matrix.org publishes timeline after security breach:
– the attacker exploited vulnerabilities in Jenkins
– the attacker had full database access, including access to unencrypted content like private messages, passwords hashes, access tokens
– Matrix.org recommends changing your password (including NickServ password)
@infosechandbook Looks down again. :/
Matrix is such a mess. I've been using it for like a year and this is about the third MAJOR security problem they had. Avoid at all cost.
This instance was shut down on March 31st, 2020.