A hacker may have accessed Stack Overflow user data for over a week in a hack that went undetected for an extended period of time. The Stack Overflow breach in May 2019 was described as a 'severe breach' of its production systems which may have exposed data including IP address, names, or emails for a small number of users by a user who managed to grant themselves privileged access. Affected users, which may number around 250, will be contacted by Stack Overflow to alert them of the breach. The company announced the breach on its blog as soon as they became aware of the issue.
[Ed Note - Stack Overflow originally stated that there was no evidence of the hacker accessing user data. They revised that statement on Friday.]
This discussion has been archived.
No new comments can be posted.
Stack Overflow Hacker Undetected for a Week
|
Log In/Create an Account
| Top
| 16 comments
| Search Discussion
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(1)
(1)
(Score: 2, Disagree) by VLM on Monday May 20 2019, @12:31PM (14 children)
Its a culture problem at SO
Go to google search bar type "Stack overflow is " and get suggested searches like "Stack overflow is toxic"
Also some poor bastard probably tried to report the security hole and its the most SO thing ever, to random close questions as "off topic"
The problem with SO is some/most of the mods and management seem identical in behavior to what you'd expect from a theoretical group hell bent on the destruction of SO. Now who is brigading SO to destroy it from the inside, presumably for profit or LOLs? Donno, but someone is obviously doing it.
The killer problem for SO is the groupthink drives away all cutting edge or important or nuanced discussion and the only permitted discussion on SO is on the order of "Please name the options for Samba idmap config schema modes?" however in the real world nobody uses SO for that because its infinitely faster to find out from Google or (gasp!) the project wiki manpages and docs. So the only people using SO are using it for troll and toxicity purposes.
(Score: 5, Touché) by takyon on Monday May 20 2019, @12:39PM
Stack Overflow got security tips by asking Stack Overflow users.
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 4, Interesting) by Anonymous Coward on Monday May 20 2019, @01:22PM (2 children)
Stack Overflow has its issues, but I'm not sure what you think the killer problem is about not having nuanced discussion. It's not there for asking people their opinions on things.
It's explicitly, unambiguously, emphatically not a forum for discussion. It's for questions about solvable programming problems and the answers for them.
The thing is, you're also right. It does seem to have this air about it like you say.
On one hand is a group of employees and moderators that want to reduce that feeling of toxicity. They want to give people a chance to clean up their questions without getting snarky comments about how terrible their question/code is.
To them feels like there's a bunch of toxic power users closing questions and down voting and deleting things... and that makes new users feel unwelcome. Obviously this has consequences if users don't actually feel like they can use the site without getting ripped a new one. Eventual decline of the userbase being their primary concern for this group.
On the other hand is a group of long-term users trying keep Stack Overflow from drowning in duplicates and low quality "gimme teh codes" questions. You don't need 11,000 questions about "What is a null reference exception?" but that's what they're up against. A constant stream of people that don't put effort into understanding their own code, much less understanding the error message they got. To this side it feels like they're being told they need to let SO drown in the unending flow of homework questions, help vampires, and off-topic questions or face the label of being "unwelcoming." Of course, it doesn't help when the 11,001st person to ask "Why am I seeing *this* null reference exception" gets closed as the duplicate it is, the questioner responds with "Nuh uh! Mine is different!" and the cycle continues.
Which side is the more destructive to the site remains to be seen.
(Score: 3, Insightful) by Anonymous Coward on Monday May 20 2019, @01:42PM (1 child)
Moral of the story is that you use SO for searching for answers, not for posting questions.
(Score: 2) by VLM on Tuesday May 21 2019, @11:52AM
The problem is, google searches (heck, manpages...) do a faster better job in the very narrow context of acceptable discussion topics.
I'm not asking for open climate change political debates in a forum suitable for Samba server configuration discussion; but they need to be more open minded than a forum dedicated to "let me Fing google this for you" class of questions.
Or not; stack overflow is not very popular in the category of something worldwide and open and free. I find it fascinating that my local public library would require only 25 years of annual visits to host all of S.O. registered users. Admittedly SO is only a decade old, but also keep in mind my local suburban public library is not exactly The Library Of Congress or similar famousness.
(Score: 1, Informative) by Anonymous Coward on Monday May 20 2019, @01:58PM
I've never seen this myself in the 7 odd years I've been using it.
(Score: 4, Interesting) by pkrasimirov on Monday May 20 2019, @02:03PM (4 children)
Culture problem you say...
Culture!
There are people who answer questions on Stack Overflow.
There are people who ask questions on Stack Overflow.
There are people who google questions and read Stack Overflow.
And then there are some who google and copy from Stack Overflow without reading, much less trying to understand.
The bottom of this list are those who copy from the question and then "ask a colleague to help". Meaning they hand you their mouse and keyboard and wait for you to do their work while careful not to give any opinion or make a statement. Note the managers are fine with this as long as the job is 1. (reportedly) done and 2. in time.
Not sure which exactly culture you are talking about.
(Score: 2) by ikanreed on Monday May 20 2019, @03:33PM (1 child)
then there's people who google your post and copy it wholesale into a python script to fix an issue.
Wait, what the fuck's a "syntax error"?
(Score: 4, Funny) by takyon on Monday May 20 2019, @08:57PM
Something about cigarettes and booze.
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 0) by Anonymous Coward on Monday May 20 2019, @03:53PM
The culture of the group responsible for the site architecture of a place where supposedly people knowledgeable about IT congregate yet that site managed to give up credentials such that their "IT Experts Site" was pwned and identity theft occurred. So are you a moron or are you deliberately going off topic trying to make this a whatabout?
(Score: 1, Interesting) by Anonymous Coward on Monday May 20 2019, @11:26PM
Since Stack Overflow has literally millions of questions on tens of thousands of programming subjects, I suspect it has hit project maturity. This is a good thing! Unfortunately it comes with a lot of baggage.
I think you're right about the culture issue. It does come down to roughly the categories you mention. Reputation is probably roughly divided in the order of the groups you refer to. Thus, the moderation tools available to each group are provided in the same scale. This means answerers have far more weight than questioners. Another side-effect is new users get far less reputation now simply because everything is slowing down.
There's no easy answer to their issues, but the problem still remains the approximate of: Do you support the quality of the site over everything else, or do you support inclusiveness over everything else?
It's really not an easy answer in my opinion, and I say that as someone who's given dozens of answers on Stack Overflow. On the one hand, I've been annoyed that questions I've worked to answer were deleted because they really was terrible and/or off topic. That was a learning process for me on how the site works. It helped me to learn I should not polish turds.
However, the most rewarding thing for me is answering questions. I've felt incredibly rewarded helping someone solve a problem they're working on that nobody else could answer. The imaginary internet points are nothing compared to helping someone solve an issue that is so complex or massive that nothing short of making their own solution will do. Those are the types of questions I look for. They are uncommon, but they're out there. They're honest problems, not homework problems. Stack Overflow is still the best place for that kind of question and I think that's why they are still important.
It's nowhere near the same purpose as SoylentNews, but I think their mission is just as valuable.
(Score: 3, Funny) by Thexalon on Monday May 20 2019, @06:48PM
That's it, I'm going back to ExpertSexChange for copy-pasteable code!
The only thing that stops a bad guy with a compiler is a good guy with a compiler.
(Score: 1, Interesting) by Anonymous Coward on Monday May 20 2019, @08:38PM (2 children)
I don't ever bother to post questions or answers on SO b/c of all their goddamn rules. The app has all kinds of rules before the mods ever start interfering. Fuck their authoritarian wet dream of a site.
(Score: 1, Insightful) by Anonymous Coward on Tuesday May 21 2019, @12:50AM (1 child)
StackExchange, Wikipedia, SoylentNews...
All forum based websites have this in common: a smallish number of people have not much else in their lives but they are kings and queens on this ONE site. It's theirs! They stay on the site all day and just drown out anyone else. It's theirs, and they let you know it.
(Score: 2) by takyon on Tuesday May 21 2019, @04:11AM
Fall in line, pleb.
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 0) by Anonymous Coward on Monday May 20 2019, @04:28PM
We're so important someone wants to get our data on ip addresses and usernames. We're so nice we had to let everybody know. That there was a major breach that may have affected up to 5.8% of users.
In the age of short attention spans and becoming irrelevant in two weeks, no news is bad news. Just the fact that we're discussing this 'news' story tells you that they want to be in the news.