For those who run on Matrix.org and wonder why there is no connection:

Matrix announced an emergency maintenance… on Twitter:

https://twitter.com/matrixdotorg/status/1116304867683905537

Sadly @matrix didn't receive the love it deserves and informs the Fediverse.

Anyway, that's why we have a community. We compensate for each other's shortcomings and together make sure the world becomes a better place!

#Matrix #matrixDown #riot

Matrix on Twitter

“We’ve taken down the servers which host https://t.co/y2YCHNIbgU and https://t.co/5f8JYAG3OA for emergency security maintenance - estimated downtime is several hours. More updates as we have them.”


Matrix is coming back up! One of the first things happening was writing a new blog post about the incident which you can find here:

https://matrix.org/blog/2019/04/11/security-incident/

TL;DR: Some outdated software was discovered and cracked by an attacker who then had access to various data points.

Important: Change your password ASAP (including NickServ if you used the IRC bridges)

Hint: The homeserver is not back up yet.

#matrix #matrixDown #Riot


The homeservers are back up 🎉

It seems like they are missing some pictures right now, I guess those will come back later.

Make sure you change your password (and NickServ passwords) and happy chatting!

See you around 👋

#matrix #matrixDown #matrixBackUp #Riot

Too early to be happy, seems like the attacker found their way in and is still around on Matrix's infrastructure.

The attacker has proven themselves to have shell access on their synapse instance, which is definitely bad. It means that all user accounts are compromised and have to be reset.

https://twitter.com/matrixdotorg/status/1116593380102852608

A lot of effort will go into figuring out the details and fixing the vulnerability.

Meanwhile, send some love to the people behind matrix!

#matrix #matrixDown #riot

Matrix on Twitter

“https://t.co/y2YCHNZM8s down again, we know, we’re on it, more details to follow.”


After Matrix restored its major services, they noticed that the GPG keys used for signing packages were compromised.

The key IDs are:

AD0592FE47F0DF61 (synapse)
E019645248E8F4A1 (Riot/Web)

Please make sure to no longer use those keys.

#matrix #Riot #infosec #security

@sheogorath
How do you get rid of these keys and get the new ones?

@Divert Since I guess you use a Debian-based system:

apt-key del AD0592FE47F0DF61

or apt-key del E019645248E8F4A1

@sheogorath
Yes, thanks. That is what I did. I am wondering now how to get the correct ones...

@Divert As far as I know there aren't new ones yet. The keys along with the repositories were removed and will be rebuilt during the upcoming week.

https://twitter.com/RiotChat/status/1117110823023984640

Riot.im on Twitter

“After the security incident on the https://t.co/g01j4u6O2e server (https://t.co/xh5uK0cAwy), Riot packages, download links and integrations are currently unavailable. We'll be restoring them asap.”

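A check to run alongside the `apt-key del` step discussed in the thread, as an added example that is not part of the original posts: it looks for the two compromised key IDs in any key file apt may trust, matching primary keys, subkeys and fingerprints. The function names, the keyring paths (Debian defaults) and the sample listing are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): find the compromised signing keys in
# apt keyrings. Only the two key IDs come from the thread.
COMPROMISED_IDS="AD0592FE47F0DF61 E019645248E8F4A1"

# Reads `gpg --with-colons` output on stdin, prints each listed ID it finds.
# pub/sub records carry the 16-hex key ID in field 5; fpr records carry the
# fingerprint in field 10, whose last 16 hex digits are the ID (v4 keys).
find_compromised() {
    awk -F: -v ids="$COMPROMISED_IDS" '
        BEGIN { n = split(ids, a, " "); for (i = 1; i <= n; i++) bad[a[i]] = 1 }
        { id = "" }
        $1 == "pub" || $1 == "sub" { id = toupper($5) }
        $1 == "fpr" { id = toupper(substr($10, length($10) - 15)) }
        id != "" && (id in bad) && !seen[id]++ { print id }
    '
}

# Checks every key file apt may trust; returns 1 if any holds a listed key.
# Paths are Debian defaults (assumption); needs a gpg with --show-keys.
scan_apt_keyrings() {
    status=0
    for f in /etc/apt/trusted.gpg /etc/apt/trusted.gpg.d/* \
             /etc/apt/keyrings/* /usr/share/keyrings/*; do
        [ -f "$f" ] || continue
        hits=$(gpg --show-keys --with-colons "$f" 2>/dev/null | find_compromised)
        if [ -n "$hits" ]; then
            echo "$f:" $hits
            status=1
        fi
    done
    return "$status"
}

# Constructed listing: everything except the two key IDs is made up, including
# the record layout (the thread does not say whether the IDs are primary keys).
SAMPLE_LISTING='pub:-:4096:1:1111111111111111:1500000000:::-:::scESC:
fpr:::::::::0000000000000000000000001111111111111111:
uid:-::::1500000000::::Constructed Vendor <vendor@example.invalid>:
pub:-:4096:1:AD0592FE47F0DF61:1500000000:::-:::scESC:
fpr:::::::::000000000000000000000000AD0592FE47F0DF61:
sub:-:4096:1:E019645248E8F4A1:1500000000::::::s:'

printf '%s\n' "$SAMPLE_LISTING" | find_compromised   # self-check on the sample
if [ "${1:-}" = "--scan" ]; then scan_apt_keyrings; fi
```

Run it with `--scan` to check the local system; a file name in the output means that file still carries one of the keys and should be cleaned up.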