AdvisoryCommittee/2016-04-data-breach

This Member-only FAQ is for the W3C Membership, regarding a security breach [AC announcement]. We will continue to update this FAQ as our understanding evolves.

Q. How did the breach occur?

Exploiting a vulnerability in a particular IRC client, the attacker masqueraded as the "nickserv" service on irc.w3.org and captured some Team credentials.

Q. Has this vulnerability been addressed?

Yes, and we continue to evaluate and improve our response.

Q. What information was leaked?

  • Member and Team meeting minutes created from IRC logs
  • Some additional individual archived Team mail messages
  • Advisory Board mail archives

Q. Do I need to change my password?

We recommend updating your password routinely. A 15-year-old password file was included in the data breach. When a data breach is known to have occurred, it is wise to update again. Use our password reset form to reset your W3C web account password.

Q. Will W3C change its practices regarding mail or minutes?

Today that is an open question for discussion.

Q. Do I need to change software that I use for work at W3C?

We are evaluating an apparent vulnerability in the Colloquy IRC client and may have configuration suggestions for improved security.

Q. What else should I do or not do in light of this breach?

  • If you become aware of information from unauthenticated parties about this breach, please be cautious. Visiting their Web sites may expose private information from your own browser, or you might encounter malware.