Account security reminder

Status
Not open for further replies.
Hi everyone,

Regrettably, on March 16th, the account of one of our moderators was compromised due to password reuse. Fortunately, we were able to secure the account within 1 hour of the breach and revert all of the malicious changes that were made. We have reviewed server access logs, and there is no indication that sensitive information (such as IP address logs) was obtained during the breach. To ensure this doesn't happen again, we now strictly require all moderation staff to have two-factor authentication enabled on their accounts.

As this is only the highest profile case of a recent wave of account compromises both on the forums and in-game, we'd like to encourage everyone to enable two-factor authentication on their accounts. Additionally, we'd like to stress the importance of using unique passwords for every website you have an account with.

As always, if you have further questions or concerns you may start a conversation with me.

Davy
 
Hi again everyone,

After re-reviewing server access logs, we have determined that some sensitive information was obtained during the breach. While content IP records were not accessed, the IP addresses of online users are displayed to moderators on our current visitors page. We have confirmed that this page was accessed during the breach, potentially exposing the IP addresses of users who were online between 1:10am and 3:01am PDT on March 16th, 2019. This includes users who opt to hide their online status.

Given the timing of the breach, we believe only a small handful of users are affected. Notifications will be going out to potentially affected users shortly. We remain confident that this information no longer has the potential to be accessed by malicious parties in the future.

Again, if you have further questions or concerns you may start a conversation with me.

Davy
 
Status
Not open for further replies.
Top