According to a message posted on the project's forum and distributed via multiple Linux and FOSS-themed mailing lists, the security breach took place on Saturday, January 16, around 16:00 GMT, after a hacker accessed the account of a forum administrator.
"It is not known how the account was accessed: the account had a good password, but did not have two-factor authentication enabled," the message reads.
The OpenWRT team said that while the attacker was not able to download a full copy of its database, the attacker did download a list of forum users, which included personal details such as forum usernames and email addresses.
No passwords were included in the downloaded data, but citing an "abundance of caution," OpenWRT administrators have reset all forum user passwords and API keys.
The project is now informing users that the next time they log into their accounts, they'll need to go through the password recovery procedure. This process is also mandatory for those using OAuth tokens, who will need to re-sync their accounts.
Great phishing opportunity for supply chain attacks
OpenWRT admins are also warning forum users that they might see an increase in email phishing attempts.
While some might argue about what's so important about an OpenWRT forum account, the portal is often frequented by developers working for companies that sell OpenWRT-compatible routers or software.
Compromising a forum account on OpenWRT could be the first step towards escalating access into the internal networks of many hardware and software development companies.
As a result, the OpenWRT team is urging forum users not to click any links inside emails they receive claiming to come from its domain. Instead, users should type the forum's URL (forum.openwrt.org) into their browser's address bar by hand.
OpenWRT admins said that only forum user data appears to have been compromised for now. The OpenWRT wiki, which provides official download links and information about how users could install the firmware on various proprietary router models, was not breached, based on current evidence.