Thanks for the update, but I think you need to spread this information around the site and not just contain it to a single thread where only a small proportion of users will see it. I appreciate you don't wish to cause alarm, but it's better that information comes from the 'community team' rather than through hearsay somewhere else on a chance basis. Last time the site was hacked there was a large banner and announcement across the site, as two examples.
Can you confirm the threat has passed, i.e. any potential malicious software removed and not just that security access has been locked down? Thanks.
One of the possibilities the community considered was that the attacker changed the login and 'change your password' scripts to steal (in plain-text) people's passwords if they logged in / changed their password. Could you confirm this didn't happen? Also, if the attacker didn't have access to the server files, does this mean they are not aware of the hashing scheme used?
I'm going to pass this on to tech, although they might be keeping an eye on the thread. They're really busy right now so please be patient on a response. Personally, I don't have enough information (or tech skillz) to be able to comment.
I'm also sorry to the people who are upset that it took a while for the official announcement. We are a pretty small company and it felt really 'all hands on deck' this morning.
It was really important to me, and the rest of the team, that we did give you all a fuller picture of what happened so that you wouldn't feel like we were hiding things rather than just saying 'yes, it happened, but you're ok now, bye'. It's horribly frustrating when websites don't give you information, and I'm sorry we kept you waiting.
While we wanted to give you more info, there's a balance between what is safe to share, and what's more sensitive, and there are numerous people who have to check the comms we send out, which means that news has to trickle out slowly.
One of the possibilities the community considered was that the attacker changed the login and 'change your password' scripts to steal (in plain-text) people's passwords if they logged in / changed their password. Could you confirm this didn't happen?
If you changed it last night in response to the hack, please do so again.
I think that, very subtly and discreetly, answers your question.
I think the hacker has a significant amount of time and power.
When technical people say significant time and power, they typically mean of the order of the entire Earth's computer resources running non-stop for a million years (not sure that this is the case here of course).
Changing your password again could just mean that the attacker was able to take multiple database dumps as opposed to them being able to edit the server side files though.