ENIGMA Development Environment
Website is in read-only mode due to a recent attack.

Author Topic: Recent website attack  (Read 440 times)
Offline (Male) Josh @ Dreamland
Posted on: April 19, 2021, 10:01:59 PM

Prince of all Goldfish
Developer
Location: Pittsburgh, PA, USA
Joined: Feb 2008
Posts: 2951

Hi folks,

We have some bad news, today. Due to a problem in the default configuration of this website's database engine, remote attackers were able to communicate directly with the databases backing this website, and eventually breached it. This means that malicious actors had access to the forums' SQL tables, including user data (private messages, email addresses, and password hashes). We have every reason to believe that these attackers have made their own copy of the data and will use it for further malicious purposes. Please help us ensure that the damage caused by this attack is low. It is unfortunate when these things happen, but it's a natural part of life in this day and age.

If you have an account on the forums, please make sure that you are not using your forum password for other services. There is no need to change your password on the forum right now: we are about to migrate to a new server as an extra precaution, and will blow away any changes made to this instance in the meantime.

We apologize for the inconvenience, but let us remind you that you should ABSOLUTELY NOT be reusing passwords anywhere. Please use a single master password along with a password manager with two-factor authentication enabled, or end-to-end encryption enabled.

Ideally, your forum password should look like this: 9V0zWMIt+Uc7uDS+rBMYYA
And NOT like this: secretpassword123 dragonmonkey2 username11 tr0mb0n3

Your master password should look like this: WabysANbrpomt1s
Which you should remember like this:
  • We
  • apologize
  • but
  • you
  • should
  • ABSOLUTELY
  • NOT
  • be
  • reusing
  • passwords
  • on
  • more
  • than
  • 1
  • site

You may also get creative and replace NOT with !, or "and" with &. We recommend you do not use the above sentence and password directly.

We apologize again for the incident and thank you for helping us limit its damage.

Cheers

"That is the single most cryptic piece of code I have ever seen." -Master PobbleWobble
"I disapprove of what you say, but I will defend to the death your right to say it." -Evelyn Beatrice Hall, Friends of Voltaire
Offline (Male) Josh @ Dreamland
Reply #1 Posted on: April 19, 2021, 10:26:30 PM

For what it's worth, we're going to be looking into replacing our auth table with OpenID entirely, so that any future data breach is a complete joke.

(But then, I'm not expecting someone to threaten to distribute people's private messages.)