Important: Security Breach (Please Read)

RyanK · Post Post #30 (isolation #0) » Tue Nov 01, 2016 11:27 pm

In post 29, copper223 wrote:...
You could think of implementing a 2-step verification process if this is a recurrent problem.

I second that, but please make it optional.

RyanK · Post Post #77 (isolation #1) » Mon Nov 07, 2016 11:45 pm

In post 70, Kison wrote:
Update:
The person responsible for this has been identified and removed from the site.
See here
.

As mith mentioned earlier, the person responsible was able to gain unauthorized access to an administrator's account. In the process, they left a post indicating how they had done so. We keep thorough logs of site activity, and by making some educated guesses about what the guilty party was doing prior to the attack, we were able to identify one individual whose activity indicated guilt beyond reasonable doubt.

Since we know they downloaded data from the site, our primary goal was to do everything possible to ensure it would be erased. Unfortunately, none of the information on their account identified who they were outside of this site. The past week has been spent tracking down that information relentlessly with great success. I may write more about that another time, but I'd like to thank
chamber
for being amazing as always and
MrBuddyLee
for helping with some quality scumhunting(though he was saying he was sure it was Glork all along) and listening to me ramble.

The guilty individual and I spoke and they were adamant that the stolen data has been deleted. We are looking into pursuing legal action to ensure that does in fact happen.

Lastly, we're taking measures to prevent this from occurring again. The method through which the data was downloaded is a feature of phpBB, the software running this message board. It has since been removed. All administators' passwords have been changed, and we will be looking into additional security for access to restricted areas of the site.

Thanks for reading,
Kison

Personally, I'm quite interested to know how did you all find them.

RyanK · Post Post #99 (isolation #2) » Tue Nov 08, 2016 4:27 am

In post 98, vonflare wrote:can we give them a title? like, 'hacker'?

for the luls

The accounts have been deleted, I think.

RyanK · Post Post #116 (isolation #3) » Tue Nov 08, 2016 10:14 pm

In post 105, Not_Mafia wrote:But why did they suspect him in the first place?

Good question. I hope it will be answered.

RyanK · Post Post #118 (isolation #4) » Tue Nov 08, 2016 10:17 pm

Don't expect you too. I was personally wondering why of all people expedience.

RyanK · Post Post #126 (isolation #5) » Wed Nov 09, 2016 11:33 pm

In post 120, mith wrote:
In post 118, RyanK wrote:Don't expect you too. I was personally wondering why of all people expedience.
You're looking at it backwards. Kison didn't go "hey, Expedience might be the hacker" and then set out to find evidence of it, he said "hey, this is how the hacker might have acted" and then set out to find evidence (which happened to point to Expedience).

Sorry for the misunderstanding.

RyanK · Post Post #127 (isolation #6) » Wed Nov 09, 2016 11:33 pm

In post 120, mith wrote:
In post 118, RyanK wrote:Don't expect you too. I was personally wondering why of all people expedience.
You're looking at it backwards. Kison didn't go "hey, Expedience might be the hacker" and then set out to find evidence of it, he said "hey, this is how the hacker might have acted" and then set out to find evidence (which happened to point to Expedience).

Sorry for the misunderstanding.