Jump to content

Security Breach Summary and FAQ

This announcement is no longer active

Dandicoot

MUSCLE GROWTH FORUMS BREACH SUMMARY

Hello everyone,

As you are all probably aware by now, late in the night (January 30, 2019), we had a security breach. Several users' emails and hashed passwords were exposed, and we recommend everyone change their passwords immediately. Furthermore, if you use this password on any other site, we recommend you change your password on those sites as well. No other information was collected, aside from what was posted on people's profiles on these forums. In addition to the exposure of this information, the entirety of the Unfiltered Section was deleted by whomever accessed the database. We unfortunately do not have a backup of the data that was lost, and we are deeply sorry for the creators that put the effort they did into posting their content there. This attack was done by someone who specifically targeted the Unfiltered Section. One of the admin's accounts was compromised (an issue that we have come together to resolve to make sure our accounts are much more secure), and the attacker logged in to the admin's account to delete the data. With admin controls, they deleted all Unfiltered Content, even from the back-ups. Again, we apologize sincerely to those that contributed to the Unfiltered Section over the years.

What does this all mean for the future of the forums, though? Well, for those that have been with us since the last site move, you may remember that the previous forums closed down because of conflicts about the Unfiltered Section. While there was nothing illegal in this section of the forum, it is becoming increasingly dangerous to host the Unfiltered Section because of the attention it brings. For this reason, we will not be bringing back the Unfiltered Section. We do apologize to those that solely came to this site for that part of the forums, but we have to protect ourselves, and you all as well. These forums are continuing to grow in the number of users we host, and this means we have to make compromises sometimes. We will not be putting any member of this forum in a compromising situation because of the content we host.

We will be re-enabling the ability to delete your account if you so choose. We will be saddened to see any of you go, but we will understand. Those of you that wish to stay, we promise we are dedicated to making this the best Muscle Growth community on the internet, and we will be ramping up security measures to help prevent future incidents. As part of our changes, we will be giving members the option to set up OTP authentication with their accounts. This means that in order to log in, you will be sent a PIN to enter after your username and password, and that PIN will only be valid for a short amount of time before it expires. This helps to protect user accounts against anyone that may try to access their profiles illegitimately.

 

MUSCLE GROWTH FORUMS BREACH FAQ

What happened?
Late at night for our US users, an unknown attacker gained access to an administrator's account by using an old password from a leaked database. Once inside, they collected a list of Member+ users and posted their information to Pastebin (which was quickly deleted due to the reporting by our vigilant users) and deleted the entire Unfiltered forum group, all associated data also getting purged. The attacker left a calling card in the discord, stating their intention of exposing pedophiles.

Am I affected?
Who was affected appears to be random, as we cannot discern a specific pattern from the list we were given of users that were exposed.  Just to be safe, all members of the moderation team are also now required to enable 2-factor authentication.  In addition, all users are required to change their passwords.

What was exposed?
Email addresses, hashed passwords, and any information you may have listed on your profile.  Note that a hashed password is not the same as a password, it would be like guessing the exact equation that leads to a number, but still, with a powerful enough computer and enough time the hash could be calculated, so precautions should still be taken.

Is there a backup?
There are no backups of the Unfiltered Section. All data has been lost.  Furthermore, the system operator CMiller has been considering removing the section for a while now and saw this as another reason why.  Thus the Unfiltered section will not be returning for the legal safety of CMiller and the security of all the users.

I want to leave the site now.
While we hate to see you leave, we understand. The ability to delete your own account will be granted to users shortly.  We will be making another announcement once that functionality is live.

Why not just keep hosting Unfiltered content?
You can't force someone to host something they don't want to host.  It's CMiller's server; he makes the rules.  Look for another home for your content, or even create your own, but Unfiltered content will no longer be hosted on these forums.



×
×
  • Create New...

Important Information

By using this site, you agree to our Guidelines, Terms of Use, & Privacy Policy.
We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue..