Mors
Important Security Update
Nov 21 2020, 9:47 PM

User Icon
A while ago we have discovered a security hole in our main site software. The hole is now patched, but it's possible that it might have been already used to access people's passwords, which is kind of an issue!

We don't know if this happened for sure, and the passwords were hashed, so it's not as bad as it sounds. But regardless, just to be safe, I went ahead and made it so that every user has to change their passwords to keep using the site. It might be a bit annoying to be forced to change your password, but I believe this is for the best.

As a precaution, I've also upped the security of the backend. Let's just say that if anything like this happens again in the future, the impact will be much much lower. I know this is a bit of an oversimplification but I don't wanna get too much into detail.

EDIT: More information came to light and we now believe that no database leak actually took place. We, however, will still force users to reset their passwords, as that is a required step of the security improvement we have made.
 
View Comments (10) | Leave Comment

Comments
No Icon
Recent
Nov 22 2020, 12:33 AM
cool now finish flashback <:)
 
1 like from: VinnyVideo
No Icon
Recent
Nov 22 2020, 12:33 AM
and midas machine too
 
User Icon
Mors
Nov 22 2020, 1:35 AM
no........
 
User Icon
Klug
Nov 22 2020, 5:45 AM
So, this only applies to the main site and not the forums?
 
User Icon
redstone02
Nov 22 2020, 8:51 AM
Quote (Klug on Nov 22 2020, 5:45 AM)
So, this only applies to the main site and not the forums?

since the DB of the main site and the forum are different, so one does not impact the other
 
User Icon
Mors
Nov 22 2020, 4:32 PM
Quote (redstone02 on Nov 22 2020, 8:51 AM)
since the DB of the main site and the forum are different, so one does not impact the other

Yup, both the forums and the main site don't share databases, nor code. They are completely separate from each other.

We plan to integrate both in the future, but for now they will stay separate.
 
User Icon
5teven
Nov 25 2020, 9:53 AM
Small "Security" Notice when you enter the same password you had before it will tell you "you can't use the same password you already used" how it should,
however instead of forcing you to enter a new password again it will still log you in normally (thus going around the "new-password" force), might want to fix that for the next time.

EDIT: It does ask you to change it when visiting the games/hacks/sprites etc. sections though, commenting etc. works fine though
 
No Icon
Bisky
Nov 26 2020, 9:11 PM
step 1: make new password
step 2: change back to original password
step 3: ???
step 4: profit
 
1 like from: OssieTheOstrich
User Icon
OssieTheOstrich
Nov 27 2020, 6:15 AM
Well this was kind of unexpected.
 
No Icon
GlitchKid_YT
Dec 1 2020, 2:03 AM
Thanks for telling us when I wanted to add something to favourites it said I had to have an account, wich was weird since I have one obviously, so when I clicked my account it said I had to change my password and I tough it was a BUG or something like that
 
Pages: (1) 1 | Last Unread