Hackers breach StackOverflow but steal no user data

The Q&A site confirmed a security incident over the weekend but says no customer data was taken

Image of the homepage for StackOverflow

One of the most popular question and answer (Q&A) sites for developers sustained a breach over the weekend, with attackers gaining access to production systems.

Executives with StackOverflow confirmed an attack on their systems last Saturday, 11 May, but added the unknown malicious actors did not take any customer or user data.

"Over the weekend, there was an attack on Stack Overflow," said the platform's vice president of engineering Mary Ferguson. "We have confirmed that some level of production access was gained on May 11."

The platform is among the most widely-accessed by computer programmers and developers. StackOverflow says more than 50 million users visit the site each month to pose development questions or provide answers themselves.

It's also used by rookie developers as a means to familiarise themselves with coding principles and practices, although some have criticised the platform for recently growing intolerant of new programmers.

"We discovered and investigated the extent of the access and are addressing all known vulnerabilities," Ferguson continued.

"We have not identified any breach of customer or user data. Our customers' and users' security is of the utmost importance to us. After we conclude our investigation cycle, we will provide more information."

The company has provided little information about the incident, including a timeline, and no technical analysis of how the breach occurred.

The platform is so integral to the wider programming community that one Twitter user even quipped: "I can bet the hacker used StackOverflow to help him code the hack!!"

IT Pro approached StackOverflow with a series of further questions around the hack but did not get a response at the time of publication.

Six months ago another popular Q&A site, Quora, suffered a security breach in which 100 million users' information was exposed. A "malicious third party" had gained unauthorised to the site, the company confirmed, and made away with users' email addresses, passwords, names and any other information tied to social media accounts linked with Quora accounts.

Featured Resources

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Evaluate your order-to-cash process

15 recommended metrics to benchmark your O2C operations

Download now

AI 360: Hold, fold, or double down?

How AI can benefit your business

Download now

Getting started with Azure Red Hat OpenShift

A developer’s guide to improving application building and deployment capabilities

Download now

Recommended

Best ransomware removal tools
ransomware

Best ransomware removal tools

22 Jan 2021
Hackers publish over 4,000 files stolen from SEPA in ransomware attack
Security

Hackers publish over 4,000 files stolen from SEPA in ransomware attack

22 Jan 2021
Weekly threat roundup: SAP, Windows 10, Chrome
vulnerability

Weekly threat roundup: SAP, Windows 10, Chrome

21 Jan 2021
Biden nominees highlight tough cyber security challenges
cyber security

Biden nominees highlight tough cyber security challenges

20 Jan 2021

Most Popular

School laptops sent by government arrive loaded with malware
malware

School laptops sent by government arrive loaded with malware

21 Jan 2021
How to move Windows 10 from your old hard drive to SSD
operating systems

How to move Windows 10 from your old hard drive to SSD

21 Jan 2021
What is the Raspberry Pi Pico?
Hardware

What is the Raspberry Pi Pico?

21 Jan 2021