Stack Overflow confirmed Thursday that it suffered a data breach last week and said that a “very small number” of users had some data exposed (via TechCrunch).
Stack Overflow is a website for developers to ask questions and get help from other users. According to TechCrunch, there was unauthorized access to the company’s front-end servers that power the site.
Mary Ferguson, Stack Overflow’s VP of engineering, said,
“The intrusion originated on May 5 when a build deployed to the development tier for stackoverflow.com contained a bug, which allowed an attacker to log in to our development tier as well as escalate their access on the production version of stackoverflow.com.
“This change was quickly identified and we revoked their access network-wide, began investigating the intrusion, and began taking steps to remediate the intrusion…we have identified privileged web requests that the attacker made that could have returned IP address, names, or emails [for some users].”
The website has 10 million users, so a “very small number” could still be a lot. The company’s teams, business, and enterprise users weren’t affected, because those are on separate servers. Users who were affected will be notified by email.
A representative from Stack Overflow emailed me to say that it actually is a very small number:
“We can now confirm that our investigation suggests the intrusion affected approximately 250 public network users. Affected users will be notified by us.”