Important: Security Breach (Please Read)

Post Post #0 (isolation #0) » Tue Nov 01, 2016 10:26 am

Yesterday at about 3am EDT, an unknown actor was able to breach the mafiascum.net database, which includes posts in both public and private forums, as well as private messages between users. We don't know the perpetrator's intentions or who they are.

For all users who have logged in since the 3.0 upgrade a while back, passwords are salted and hashed with a decent algorithm, and users prior to this point have hashed passwords. (This means if you've logged in any time recently, your password is hard to crack, but not impossible through brute force.)

You, as a user should take these steps now:

1.

Change your password on this site. In keeping with good security practices, you should not use the same password across websites.

2. If you are using the same password on this site on other websites, you should change those too, especially if you share a username or email address on those websites.
3. Notify us if you encounter any unusual access to your account.

As we learn more pertinent details, we'll let you know. We value your privacy, which is why we are releasing these details as a precautionary measure. If you have any information regarding this breach, please contact me by email.

We hope nothing worse comes from this, but we want you to be aware and able to prepare for every possibility and for you to be able to secure your data appropriately. We're implementing additional security measures to prevent recurrence of such a breach, so as to better protect you and the site. Thank you.

-mith

Post Post #37 (isolation #1) » Wed Nov 02, 2016 5:05 am

In post 10, Majiffy wrote:Were they able to access information such as PayPal account information or no? I would assume not but would be good to have an official answer regarding that.

Unless you sent account information (password and/or security questions) in a private message (which you shouldn't have been doing), you should be fine. All they would have been able to get from communication re: cards would be transaction IDs. I'm more concerned about addresses being exposed.

Still, it's good practice to change your passwords periodically (and more frequently the more critical the information/access is).

Post Post #120 (isolation #2) » Wed Nov 09, 2016 6:11 am

In post 118, RyanK wrote:Don't expect you too. I was personally wondering why of all people expedience.

You're looking at it backwards. Kison didn't go "hey, Expedience might be the hacker" and then set out to find evidence of it, he said "hey, this is how the hacker might have acted" and then set out to find evidence (which happened to point to Expedience).