Update on hacked catiewayne.com forum: now operational again

On March 19, 2013, the forum was hacked.

The database containing every user’s password hash was stolen.  That database also contains, in plaintext, the content of every private message sent from any user to any other user.  Both were temporarily published to unichan, so potentially hundreds of people could have gotten a copy of the database with everyone’s private messages, password hashes, and email addresses.  Potentially dozens of people could be brute-forcing the password hashes right now, and many of the weaker passwords have probably already been found.

The hackers also signed into at least one of the administrator’s control panels and changed all kinds of things.  For example, for the lulz, they added wordfilters so every instance of the word “Catie” is replaced with the word “fattie” throughout the whole forum, un-modded moderators, deleted the accounts of a few moderator and admin users, and turned off the systems that protect against spambots.

Some users have already reported that someone has signed in with their password, posted things under their name, and changed their passwords.  Some have even had other accounts unrelated to the forum taken over, such as their email accounts and, in one instance, a Steam account.  (This happens when you use the same password on multiple websites and one of those websites gets hacked.)

Some users changed their passwords at this point (as they should have).

On Mar 20, the database was restored from its previous backup from Mar 16, so it was back to the old passwords.  However, the security hole that let in the hacker was not patched, so the hacker got right back in and started changing things up again.  (I don’t understand why the admin Intrepid didn’t shut down the forum to fix its problems.)

Even though I have not seen any sort of announcement from Intrepid through this entire ordeal, it is my understanding that he is working on getting this fixed so that the hacker no longer has any admin control of the forum.

Update Mar 21: It seems to have been fixed late tonight.  There has been no public communication from Intrepid besides the new note on the top of the forum warning everyone to change their passwords.

Update Mar 22: There is now an announcement about it on the official Facebook page, simply saying the site is going down for updates.  It has since then been up and running.

What to do?

  • First, change your password on the forum (again).  That will keep the hacker or anyone who cracked your password from logging in as you.  When (or if) the database is rolled back to Mar 16 again, change it again after that happens because it will be back to your old password again.  Make the password something you don’t use anywhere else, and make it a longer password, like 12 or more characters.
  • Don’t bother posting to the forum right now; anything you post will not be there when they roll back the database to Mar 16 again.
  • Change your password on any other sites that use the same password as what was in the database at the time it was hacked (March 19).  This is especially true for the account for the email address assigned to your forum account.
  • Read through all your old incoming and outgoing PMs to remind yourself of any personal information contained there, in case you need to do something with that, such as changing a password somewhere.

Who is responsible?

I keep getting asked this question.  Short answer: I don’t know.

Long answer: A few people are blaming Boxxychan, who is the admin of unichan.  I don’t believe this to be the case.  Many people are blaming it on Boxxyfan.  I’m not sure, but I think Boxxyfan, anon77, and f0rby are the same person.  (Not to be confused with forby, a completely different person.)  The person posting the leaked information to unichan is posting as “f0rby”.

He did not use a tripcode, though, so this hacker could be anyone who wants to redirect the blame, or it could be who he says he is; we just don’t know.  As one anon on unichan put it,

It’s not the real f0rby (George) or the fake f0rby (Boxxyfan). It’s 3 layers of impersonation/reference.

Resolution

Hopefully this is fixed soon and it will all blow over, but even though things like this have happened in the sphere before, none have been of this magnitude.  There is just too much damage from so much personal information being publicly leaked in those private messages.  We have yet to hear what Catie thinks of this.  I intend to provide an update here on occasion.

Update Mar 21: The forum did get taken back down, many things were fixed, and it was put back online and has been returning to normal late tonight.  We shall see if it is really patched well enough to keep the hackers out from now on.
