FreeNode IRC Network Suffers Data Breach

The free and open source software-focused IRC network, FreeNode, identified that the company has infact suffered a data breach late Saturday.

FreeNode, formerly known as Open Projects Network, is an IRC network used to discuss peer-directed projects. Their servers are accessible through two domains, chat.freenode.net and irc.freenode.net. As of 2013, FreeNode was recognized to be the largest IRC network online to date, with more than 80,000 users and 40,000 channels, gaining almost 5,000 new users per year.

Starting late Saturday, FreeNode IRC infra team stated they identified irregular network traffic on a single IRC server, hinting at a possible security breach. Further investigation showed the server had been compromised by an “unknown third party.”

FreeNode’s team initially identified the security breach Saturday, and urged all users to change their passwords.

“Earlier today the freenode infra team noticed an anomaly on a single IRC server. We have since identified that this was indicative of the server being compromised by an unknown third party. We immediately started an investigation to map the extent of the problem and located similar issues with several other machines and have taken those offline. For now, since network traffic may have been sniffed, we recommend that everyone change their NickServ password as a precaution,” explained FreeNode’s mrmist.

“Since traffic may have been sniffed, you may also wish to consider any channel keys or similar secret information exchanged over the network,” the company added.

This is once again a timely reminder to not use the same password more than once across any number of websites. Just yesterday we saw Wordpress.com reset 100,000 users passwords due to the Gmail database leak.

It is highly recommended FreeNode users change their passwords, and the administrators give clear instructions on how to reset user passwords in their detailed blog post.