By 
OpenWRT, an open-source project that provides free and customizable firmware for home routers, has divulged a security breach that happened
on Saturday, January 16, around 16:00 GMT, after an attacker accessed the account of a forum administrator.
“It is not known how the account was accessed: the account had a good password but did not have two-factor authentication enabled,” said the project’s team.
OpenWRT said that while the hacker could not download a full copy of its database, the attack did download a list of forum users, which included personal details such as forum usernames and email addresses.
The project is now notifying users that the next time they log into their accounts, they’ll need to go through the password recovery process, which is also binding for those using OAuth tokens.
While some might contend about what’s so significant about an OpenWRT forum account, the portal is often visited by developers working for companies that sell OpenWRT-compatible routers or software.
As per OpenWRT managers, only forum user data seems to have been affected for now. The OpenWRT wiki, which offers official download links and information about how users could install the firmware on several exclusive router models, was not violated, based on existing evidence.
