We recently faced a minor security incident at the OpenBazaar GitHub repository. By pretending to be a developer with contributor access who had lost access to his normal account, an attacker was able to briefly gain push access and make code changes that remained undetected for about one hour.

The changes that the attacker made to the code were insignificant and were not related to security; they were mostly tests. Only the “develop” branch was affected, not the “master” branch. As our users run the “master” branch, we expect no users to be affected by this breach. We reverted the code changes immediately and access rights were restored. We don’t expect anyone to be affected by this attack.

As a response to the attack, we are in the process of developing more rigorous security policies, which would require proper authentication for committer username changes. Our new policies will also include operational security requirements for existing developers. In response to the attack and in coordination with GitHub, we have ensured that the accounts of the attacker have been appropriately banned.

As part of our transparency commitment to our users, we are publishing this security incident so that people are aware of our potential problems and solutions. Our full incident response post-mortem report is made available for the community to read.
