OpenSSL Data Breach (2013)

Last updated: 3rd January 2014 On Sun 29th December 2013 at around 1am GMT the home page of www.openssl.org was defaced. We restored the home page just after 3am GMT and started forensics, investigation, and recovery. The OpenSSL server is a virtual server which shares a hypervisor with other customers of the same ISP. Our investigation found that the attack was made through insecure passwords at the hosting provider, leading to control of the hypervisor management console, which then was used to manipulate our virtual server. The source repositories were audited and they were not affected. Other than the modification to the index.html page no changes to the website were made. No vulnerability in the OS or OpenSSL applications was used to perform this defacement. Steps have been taken to protect against this means of attack in future.