Update on hacked catiewayne.com forum: now operational again

March 19 2013, the forum was hacked.

The database containing the hashes of every user’s passwords was stolen.  Also contained in that database in plaintext is the content of every single private message sent from any user to any other user.  Both of these things were temporarily published publicly to unichan, so potentially hundreds of people could have gotten a copy of that database with everyone’s private messages, password hashes, and email addresses.  Potentially dozens of people could be brute-force checking the password hash database right now, and many of the weaker passwords have probably already been found.

The hackers also signed into at least one of the administrator’s control panels and changed all kinds of things, for example, for the lulz, adding wordfilters so every instance of the word “Catie” is replaced with the word “fattie” throughout the whole forum, un-modding moderators, deleting the accounts for a few moderator and admin users, and turning off the systems that protect against the spambots.

Some users have already reported that someone has signed in with their password and posted things with their name, changed their passwords, and even some have had their other accounts unrelated to the forum taken away such as their email accounts and in one instance, their Steam account (this happens when you use the same passwords on multiple websites and one of those websites gets hacked)

Some users changed their passwords at this point (as they should have)

Mar 20, the database was restored to its previous backup from Mar 16.  So it was back to the old passwords.  However the security hole that let in the hacker was not patched, therefore, the hacker got right back in and started changing things up again.  (I don’t understand why the admin Intrepid didn’t shut down the forum to fix its problems)

Even though I have not seen any sort of announcement from Intrepid through this entire ordeal, it is my understanding that he is working on getting this fixed so that the hacker no longer has any admin control of the forum.

Update Mar 21: It seems to have been fixed late tonight.  There has been no public communication from Intrepid besides the new note on the top of the forum warning everyone to change their passwords.

Update Mar 22: There is now an announcement about it on the official facebook page, simply saying the site is going down for updates.  It has since then been up and running.

What to do?

  • First, change your password on the forum (again).  That will keep the hacker or anyone who cracked your password from logging in as you.  When (or if) the database is rolled back to Mar 16 again, change it again after that happens because it will be back to your old password again.  Make the password something you don’t use anywhere else, and make it a longer password, like 12 or more characters.
  • Don’t bother posting to the forum right now, anything you post will not be there when they roll back the database to Mar 16 again.
  • Change your password on any other sites that use the same password as what was in the database at the time it was hacked. (March 19)  This is especially true for the account for the email address assigned to your forum account.
  • Read through all your old incoming and outgoing PM’s to remind yourself of any personal information contained there, in case you need to do something with that, such as changing a password somewhere.

Who is responsible?

I keep getting asked this question.  Short answer: I don’t know.

Long answer: A few people are blaming Boxxychan who is the admin of unichan.  I don’t believe this to be the case.  Many people are blaming it on Boxxyfan.  I’m not sure but I think Boxxyfan, anon77, and f0rby are the same person.  (Not to be confused with forby; a completely different person)  The person posting the leaked information to unichan is posting as “f0rby”.

Though he did not use a tripcode so this hacker could be anyone that wants to redirect the blame, or it could be who he says he is, we just don’t know.  As one anon on unichan put it,

It’s not the real f0rby (George) or the fake f0rby (Boxxyfan). It’s 3 layers of impersonation/reference.


Hopefully this is fixed soon and it will all blow over, but even though things like this have happened in the sphere before, none have been of this magnitude.  There is just too much damage from so much personal information being publicly leaked in those private messages.  We have yet to hear what Catie thinks of this.  I intend to provide an update here on occasion.

Update Mar 21: The forum did get taken back down, many things fixed, and put back online and has been returning back to normal late tonight.  We shall see if it is really patched well enough to keep the hackers out from now on.

Boxxy is not a fake

Even after Catie posted the video Calm down Holden to explain things for those who were still confused, there were still people who thought that one or more video currently on one of Catie’s 3 official channels are fake.  So I’m here to fight disinformation with facts that can be easily checked by anyone so they can make up their minds on their own.

If you are reading this, you probably have seen all of Catie/Boxxy’s official videos plus a small portion of the many remix videos out there on Youtube.  But if you haven’t watched all of Boxxy’s official videos, I suggest you do, in order either before or after reading the rest of this, to be best informed.  The most convenient way to watch all official videos in order, is go to the Catie official videos category, scroll down to FOAR 4DDI FRUM BOXXY & FOAR ANT FUM BOXXY, watch those 2 videos, and work your way up to the top of the page.

Okay, so Catie had the youtube channel S4TISF4CTION and boxxybabe (with one e).  In January 2009 when Boxxy videos became popular (and became unpopular to others), Catie shut down boxxybabe out of fear of the situation, hackers, stalkers, and all.  Then she must have decided to put them back up.  Youtube never allows someone to open an account with the same name as an account that has existed before, so she used the name boxxybabee with 2 e’s.

Both S4TISF4CTION and boxxybabee got hacked in Jan 2009.  She still hasn’t gotten S4TISF4CTION back, and probably never will.  It only had 2 videos which never were insanely popular like the Boxxy videos.  If you look at the S4TISF4CTION account, you will see that the only Youtube channels who S4TISF4CTION are subscribed to are the other accounts of the hackers who hacked her accounts.  Anon77, gastricpenguin, Zarithas, and Eyrev1.

By Nov 2010, Catie wanted her boxxybabee account back.  She created ANewHopeee, asked her fans to help get Youtube to get her account back to her, but you can not see her well enough to tell that it is her, and can hear her speaking from a script she wrote.  (subtitles)  So, none of the uh’s, um’s, ah’s, but uh yeah’s, and stutters that are littered throughout all of her other videos.  The kinds of things that you tend to not hear when you are just listening to what she has to say.  Some new account was created with one video in it; why should anyone consider this was really Boxxy as was claimed in the video?  These photos are why.

She uploads Things are about to get Intense on January 10 2011 to ANewHopeee Youtube channel, appearing on a lower resolution webcam, and for the first time, as Catie not as Boxxy.  A lot of people don’t think this person is the same as the older Boxxy videos.  Listen carefully to the way she talks, read the subtitles, you can tell it’s her.

The third video appears on ANewHopeee (subtitles), this time with a girl with a blond wig and a different accent, claiming she hacked into ANewHopeee’s youtube account.  It’s a good disguise but you can tell by the way she talks, that this is the same person.

Another account is created called bodaciousboxxy, and only one video exists on this account.  It is Boxxy making her first appearance as Boxxy in almost 2.5 years.  She must want to keep the Boxxy videos separate from the Catie videos, but boxxybabee is still under control by the hackers.  She is totally different than the 2009 Boxxy.  She’s older, has gained a little weight, more lighting in the video, her personality is different, and she is talking really fast, and is trying too hard to be the Boxxy she used to be.  But to me, I can tell it is still obviously the same person.  Since this is in HD, you can compare some of her facial features to old photos, and that she has the same trouble with um’s, uh’s, stutters, and things like that.  She further confuses people saying to Svetlana that ANewHopeee isn’t her, when in reality that is her as Svetlana and as Catie in Things are about to get intense.

A commentary about this confusion:

After this, she finally gets her boxxybabee account back.  She links all 3 accounts together on Youtube, puts a copyright notice in the description of each video in all 3 channels boxxybabee, ANewHopeee, and bodaciousboxxy, and reuploads the Boxxy return video “FOAR SVETLANA FRUM BOXXY“, this time to the boxxybabee account.  And finally since some people are still confused, uploaded the video of Catie explaining it, on Catie’s now main channel ANewHopeee.  (subtitles).  Obviously the same person for the same reasons above.

Boxxy tries to stay away from the internet

This takes place during most of the year 2009.

People are obsessed with Boxxy.  Hackers hack some of her various accounts such as her Youtube accounts boxxybabee (hacked Jan 18, 2009) and S4TISF4CTION.  Some obtain her dox (in-real-life name, phone number, address, etc.)  The hacker group who doesn’t like Boxxy decides to blackmail her, demanding that she not make another video.

At this point, she doesn’t make any more videos.  It was said Boxxy would return June 17.  Nobody knew it would be June 17 of 2011 when the Boxxy character would return.

Back to 2009 – This personal information was accidentally leaked to the public 4chan forums where there were a bunch of obsessed people that suddenly knew where she lived.  On top of that, some people sent Boxxy hateful videos threatening to come over and rape and murder her.  The leader of this anti-Boxxy group tried to take back his mistake and release false information to throw stalkers off the right trail, and also stage a DDOS attack on 4chan so nobody could read her real information.  However the damage was done.  4chan actually did go down for a few hours but later it came back up and the information was still there.  At this point everyone found out Boxxy’s real name was Catie Wayne.  Catie received phone calls from obsessed people who wanted to find out if that was really her, and people actually showed up at her doorstep looking for her.  It must have been a truly horrible situation for poor Catie.

Catie tries to stay away from the internet for a while, and things start to die down for a while, but some people remain obsessed with Catie.  Sometime around spring or summer of 2009, someone discovered a couple of videos filmed April 2009, from Catie’s real life friends’ Facebook pages which Catie was in, refueling the Boxxy mania and Catie stalking.

Catie being understandably freaked out, continues to refrain from posting videos on the internet.  Her online followers prophesize Boxxy’s return on June 17 2009.  Then again they prophesize her return on June 17, 2010.  It isn’t until Nov 25, 2010 that Catie opens the Youtube account ANewHopeee (ending with 3 e’s) and posts a video asking for her fans’ help getting her boxxybabee account back from the hackers.

Catie’s original Youtube channel: S4TISF4CTION

Her account S4TISF4CTION was opened on Oct 8 2006.  Catie no longer has access to this account as it was one of the accounts that was hacked which she still has not gotten back.  It does still exist on Youtube but is under control of the hackers who took it from her.  All videos from this channel are either marked private or are deleted.

2 videos are known to exist from this channel:

RE: An amble in Powell Park

