At 11:41am EU time I received an email saying that videos in the Community Happenings thread had been corrupted, and if downloaded, were 10-second-long still images of a troll face taking credit for a hack.
By 12:20pm, I had viewed the email, confirmed the issue, shut down everything and notified via Telegram that it looked like the entire file server might be compromised.
By 12:43pm, I confirmed that almost everything was left intact and there were no signs of file server intrusion. This narrowed down the scope of attack tremendously to existing files.
At 12:47pm, I contacted the Discord alias left in the troll face images and asked how he did it. He refused to tell me but soft-confirmed my suspicion at the time that it was an attack using a crafted URL to make PATCH requests to the file server (so as to update existing files only).
By 4:17pm, I had set up a debugging environment and confirmed the issue. I tightened security in several ways and tested each of them to ensure they worked as intended.
I opted to give the attacker 5 XMR. I did not pay him for information. He's like a 17-year-old Turkish kid and I wanted to encourage him to pursue cybersecurity for profit. He also could have potentially done a lot more damage if he was really trying to be malicious, so I'm grateful for that.
To clarify, I absolutely would not pay blackmail. My intentions are purely to encourage this guy to not fuck his life up. Between 12:47pm and 4:17pm, we talked a bit, and I feel he's got a rigid sense of morality that aligns closely with my own and I want him to stick with that.
No accounts were compromised and I do not believe any information was irreparably lost except a few recent videos in Community Happenings. If you see anything else missing or corrupted, let me know.