Our server costs ~$56 per month to run. Please consider donating or becoming a Patron to help keep the site running. Help us gain new members by following us on Twitter and liking our page on Facebook!
Current time: March 28, 2024, 5:45 am

Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Minor Data Breach
#1
Minor Data Breach
At approximately 9:38 pm EST on December 14, the forum suffered a minor data breach. While making several modifications to the forum software, I accidentally introduced a bug which allowed any member (including guest users) to log into the account of any other user. The bug is now fixed.

I have checked the server logs in detail, and can confirm that this bug was used by a single person, the same person who reported it to the staff. This person used the bug to log into the account of a moderator, but did not access any areas of the forum specific to moderators. Specifically, they visited the main page, viewed the "Today's Posts" search results, and viewed the Member List. They did not view any thread or use any mod abilities. The person then logged into their own account twice using the bug.

As soon as I was alerted to the bug, I reverted the modifications and forcibly logged out all members. At the time, it was not immediately clear if any other accounts had been breached, and forcibly logging everyone out was the best solution. We apologize for the inconvenience this may have caused.

To make things absolutely clear:

1. The bug was only exploited by one person.
2. This person managed to access a moderator account, but did not perform any moderator actions. They also did not access any areas of the forum which may have revealed sensitive information.
3. The Admin area of the site was not breached, nor was it ever affected by the bug. It uses a totally separate login system.
4. No passwords were disclosed, or could be disclosed, via this bug.


We once again apologize for the inconvenience this may have caused, and I apologize for introducing the bug in the first place. I will try and answer any questions you might have regarding this incident.

- Tiberius
Reply
#2
RE: Minor Data Breach
Was it a malicious bug or just an untested updated piece of code?
No God, No fear.
Know God, Know fear.
Reply
#3
RE: Minor Data Breach
(December 15, 2018 at 1:44 am)ignoramus Wrote: Was it a malicious bug or just an untested updated piece of code?

The latter.
Reply
#4
RE: Minor Data Breach
It was my account that was breached, so they only had access to all of your ids for A69. /kidding

Thanks for fixing it so fast, and doing the work that led to this and the subsequent fix. I can’t wait for that announcement.
Reply
#5
RE: Minor Data Breach
Good catch! Thanks for posting an update and thanks for clarifying what data had (and had not) been exposed.
Reply
#6
RE: Minor Data Breach
Do I get free tacos for a year now?
Reply
#7
RE: Minor Data Breach
I feel violated that some utterly insignificant personal data of mine may have been briefly exposed and never used.  I am going to sue the Forum for a zillion, skajillion dollars.

Oh, and tacos for all.

Boru
‘But it does me no injury for my neighbour to say there are twenty gods or no gods. It neither picks my pocket nor breaks my leg.’ - Thomas Jefferson
Reply
#8
RE: Minor Data Breach
(looks around in panic) Phew! (still have virtual pants on)
I don't have an anger problem, I have an idiot problem.
Reply
#9
RE: Minor Data Breach
(December 15, 2018 at 3:33 am)no one Wrote: Do I get free tacos for a year now?

Only if you don't ID yourself as the perp.
Reply
#10
RE: Minor Data Breach
Glad to see you on point Tibs. Yeah well, a tired written line of code or a button badly pushed. You got it in time. To err is to be human and to err is learning.
Reply





Users browsing this thread: 1 Guest(s)