For those who run on Matrix.org and wonder why there is no connection:
Matrix announced an emergency maintenance… on Twitter:
Sadly @matrix didn't receive the love it deserves and informs the Fediverse.
Anyway, that's why we have a community. We compensate short coming of each other and together make sure the world becomes a better place!
Matrix is coming back up! One of the first things happening was writing a new blog post about the incident which you can find here:
TL;DR: Some outdated software was discovered and cracked by an attack which then had access to various data points.
Important: Change your password ASAP (including NickServ when you used the IRC bridges)
Hint: The homeserver is not back up yet.
Too early to be happy, seems like the attacker found their way in and is still around on Matrix's infrastructure.
The attack has proven themselves to have shell access on their synapse instance, which is definitely bad. It means that all user accounts are compromised and have to be reset.
There will go a lot of efforts into figuring out the details and fixing the vulnerability.
Meanwhile, send some love to the people behind matrix!
There are new keys for the official matrix repositories with the key ids:
Those come along with a new package that are build on fresh infrastructure. No details if they now sign packages offline, yet.