Hey all,
A few of you may have noticed that the front page of our forums was compromised earlier, with a threat to release our database and leak user passwords. After some help from our dear Malcovent and some research from Psycho, we've determined that this is a hoax - this has been happening to other Minecraft-centric communities lately, and we were simply the latest target.
The weak link that lead to the compromise, unfortunately, was a certain administrator's password, and, having checked through admin logs, the only information that was accessed was front-end forum information - template changes which lead to the front page modification, and the removal of some now-reinstated administrators - not SQL data.
In short, we currently have no reason to believe that the database has been compromised, nor has password or personally identifying information been leaked. The mid-level forum access that was breached did not contain any user's passwords, passwords to other areas of our community, or database access. The threats were only an attempt to extort money out of the community.
All that being said, as with any forum "hack", EscapeRestart admins recommend changing your password, especially if you use it on other sites. Passwords are encrypted in the database, and while it is extremely unlikely that any information has been stolen, it's always better to be safe and change your password.
Moving forward into the future, we will be rolling out new forum upgrades in the coming month that includes two-step verification options for both staff and members - a significant upgrade in identify verification for our forums.
Until then, we've taken extra security steps to make sure this doesn't happen again. Please post any questions you may have below, or shoot myself and the other administrators a PM - I'd be happy to address them.
Nillbugwtw
A few of you may have noticed that the front page of our forums was compromised earlier, with a threat to release our database and leak user passwords. After some help from our dear Malcovent and some research from Psycho, we've determined that this is a hoax - this has been happening to other Minecraft-centric communities lately, and we were simply the latest target.
The weak link that lead to the compromise, unfortunately, was a certain administrator's password, and, having checked through admin logs, the only information that was accessed was front-end forum information - template changes which lead to the front page modification, and the removal of some now-reinstated administrators - not SQL data.
In short, we currently have no reason to believe that the database has been compromised, nor has password or personally identifying information been leaked. The mid-level forum access that was breached did not contain any user's passwords, passwords to other areas of our community, or database access. The threats were only an attempt to extort money out of the community.
All that being said, as with any forum "hack", EscapeRestart admins recommend changing your password, especially if you use it on other sites. Passwords are encrypted in the database, and while it is extremely unlikely that any information has been stolen, it's always better to be safe and change your password.
Moving forward into the future, we will be rolling out new forum upgrades in the coming month that includes two-step verification options for both staff and members - a significant upgrade in identify verification for our forums.
Until then, we've taken extra security steps to make sure this doesn't happen again. Please post any questions you may have below, or shoot myself and the other administrators a PM - I'd be happy to address them.
Nillbugwtw
