Magnus Edenhill edited this page Sep 30, 2021 · 30 revisions

SECURITY NOTICE

Incident: Unauthorized modification of librdkafka wiki page [July 2021]

Summary: On July 13, 2021, due to misconfigured project settings, an unauthorized editor added malicious links to the GitHub-hosted librdkafka wiki page. These links to malicious binaries masqueraded as librdkafka download links for different platforms, even though we have never distributed librdkafka in this manner. The underlying librdkafka source code, artifacts, binaries, releases, and packages were not impacted by this incident. The issue was detected and resolved on September 28, 2021.

What remedial actions have we taken to mitigate this? The unauthorized edit was reverted and editing permissions were restricted. The other wiki pages have been inspected and checked for unauthorized edits. No other edits have been found.

Action Recommended: If you believe you have downloaded software by directly clicking on a link on the impacted page during the time period mentioned above, please inspect your computer for signs of malware installation. Based on our analysis, the malware delivered by these links did not attempt to impersonate the functionality of librdkafka or act as a “trojan horse”.


Generic

Consumer

Legacy Consumer

Producer