Exploit: Credentials leak.
Matrix.org: Internet protocol for decentralized communication including instant messaging, VoIP, IoT, and more.
Risk to Small Business: 2.111 = Severe: A hacker accessed hosting servers for the Matrix.org platform, providing them access to several of the company’s database and exposing unencrypted personal data. The attackers capitalized on outdated software to access the servers. The breach caused widespread network outages that shut down many messaging platforms for hours while the company rebuilt its production servers.
Individual Risk: 2.428 = Severe Matrix.org’s communication protocols are predicated on privacy, and this incident may have compromised unencrypted content like private messages, password hashes, and access tokens. All users were logged out and asked to change their passwords, and certain data including encrypted conversation history may no longer be available.
Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Matrix.org may have escaped the most catastrophic consequences of a data breach, but they will struggle to rebuild their infrastructure and user trust for a long time. Unfortunately, this entire incident may have been avoided through a simple software update. By deploying security software that provides offer a high-level snapshot of a company’s security vulnerabilities, it’s possible to protect against preventable data breaches.
ClearYolk to the Rescue: With our Phishing service we can provide a more complete picture of a company’s security posture and potential risk, transforming the weakest links of an organization into their strongest points of protection.
https://www.zdnet.com/article/matrix-hack-forces-servers-offline-user-credentials-leaked/
