Users browsing this thread: 1 Guest(s)
Database Compromise and Why You Might Not be Able to Log In
#1
As some of you have probably noticed by now, everyone was logged out of the forum (and, by association, the sites) last night. This was a quick first measure in response to a database compromise we experienced the other day that I was just made aware of. Apparently, on the 14th, one of the MyBB developer's Github accounts was compromised and the attacker was able to run database backups on every single MyBB forum running the most recent version of the software (we were not specifically targeted here). These backups were then sent off to their IP. I have no way of knowing if the process actually completed, nor do I know the motivation of the attack, so I can only proceed by assuming it was malicious and that the attackers have a copy of our user table.

What does this mean going forward? I am requiring ALL staff (both forum and site) to change their passwords immediately. I encourage everyone else to do the same, especially if you use your password here elsewhere as well. Passwords are stored in an encrypted state so it would take some work on the attacker's end to actually get something meaningful out of the data they have but it's still better to be safe than sorry.

For more information about the attack, see this blog post on the MyBB site.

Sorry for the late notice on this but I only just found out last night and couldn't actually sit down to write this up until this morning. If you have any questions or concerns, post them here.
Reply
#2
If anyone is having trouble logging in to change anything, just delete every cookie for the resource sites (vg, spriters, models, etc.). It was the only way I could get in.
Doofenshmirtz: This is a little bit awkward but have you seen my escape jet keys? (Perry nods) What, you have? Well that's great! So where are they? (Perry looks away) You won't tell me? Is this because you don't speak or are you just being a jerk?
~Phineas and Ferb, "One Good Scare Ought to Do It!" (2008)
Reply
Thanked by: Petie, Giddy Jones
#3
Oops, sorry! I forgot to mention that in the original post. Thanks Deathbringer.
Reply
Thanked by:
#4
Just changed my password i wasn't compromised, but better to be safe than sorry.
What Rips am i doing next not sure?
[Image: giphy.webp]
Reply
Thanked by: Petie
#5
Question, is the thing that was hacked the forum or the main site accounts?
[Image: k0OsVum.png][Image: NXpkf1V.gif][Image: psychicspacecow.png]
Reply
Thanked by:
#6
They are one and the same. Nothing was hacked in the sense that they have plain text passwords though. They got a dump of the users table which contains all of our user info but the passwords are encrypted (not to mention that this was a mass attack so they likely have thousands of database exports) so it's unlikely they've been able to actually access any accounts. It's still better to err on the side of caution though, which is why I recommend resetting your password.
Reply
Thanked by: psychospacecow
#7
Is VGFacts in the same boat?
[Image: k0OsVum.png][Image: NXpkf1V.gif][Image: psychicspacecow.png]
Reply
Thanked by:
#8
No. VGFacts was not affected by this exploit. This was purely by chance since none of us happened to log into the Admin CP while it was active.
Reply
Thanked by: psychospacecow
#9
I should've though twice before deleting all of my cookies...I just lost ALL of my game files on Nitrome!!! Very Sad

But...what's done is done. Next time, would it be possible to get the logins working in a way that doesn't require one to delete all of their cookies?
Reply
Thanked by:
#10
You have the option to delete cookies from specific domains, though doing so varies by browser. I realize this information does you little good now, and I'm sorry you lost your game files, but in the future, only delete the cookies from *-resource.com should the need arise.
Reply
Thanked by: psychospacecow
#11
Changed my password, tally-ho.
[Image: kE8xa19.png]
Reply
Thanked by: Petie


Forum Jump: