Security Risk - Change your passwords

[Null]

So this afternoon at about 4pm CST the server went down. From what I've been able to see, the permissions of our database users were changed so that none of the applications could connect.

I haven't yet had time to read access logs or figure out what exactly happened, but from this alone I can infer that someone gained privileged access the MySQL server. Someone has claimed responsibility for this, but usually they are technically incompetent and bluff constantly so I take it with a grain of salt. They also sounded really adamant that I make this announcement, probably for publicity.

However, as a precaution:
If you have used your forum password on another website, change it immediately.

I can't verify that this person has anything. They've refused to show any proof that they were responsible for an attack, that they have our password salt, or any passwords at all. However, as a matter of precaution, this is the best and most logical thing to do.

Also, if you used a password here anywhere else, shame on you.

Edit: If you use Steam to sign in, you're fine.

 

[DN 420]

goddammit

 

[RecordStoreToughGuy]

Good thing I used a password nobody can guess. It's the price of a large cheese pizza and two drinks where I work: Panucci's Pizza.

 

[Hodor]

welp

 

[Pikonic]

I've changed all the passwords for everything, especially the ones I didn't have to do. I wrote all my new passwords in one of those password protected electronic diaries from the 90s, put that in a safe, put the safe in a shed with a padlock, and fed the padlock key to my cat.
I think I'm good.

 

[lynx]

Also, if you used a password here anywhere else, shame on you.

looking at you, @mapdark

 

[AnOminous]

Also, if you used a password here anywhere else, shame on you.

What if I don't have a password? (Steam login.)

 

[Zim]

Good news - password is changed.
Bad news - whiteout is all over my screen.

What do?

 

[Null]

What if I don't have a password? (Steam login.)

Then your password is never stored on our database. You are authenticated by Steam and it sends us a completely anonymous, temporary token that says you validated correctly. You have nothing to worry about.

 

[Fantasma]

Heh, I haven't logged out of here since I made my account, and forgot my password. Had it saved in a doc and found out it was something pretty retarded that I've never used anywhere else. Happy day.

 

[Connor Bible]

I'm in the clear. I haven't used my password for the Farms on any other site.

 

[Joan Nyan]

No burglar would ever want anything in my accounts.

 

[ToroidalBoat]

Once you read the access logs, I hope you'll update us with the situation.

 

[Slowboat to China]

How odd. Why would anyone want to hack the Farms? It's not like we have secret nuclear launch codes or anything.

... right? Null?

 

[Marvin]

I'm in the clear. I haven't used my password for the Farms on any other site.

Thank god. Dude, I was so fucking worried, you have no idea.

 

[Ouija Board]

I changed my passwords off the ones that I can think off the top of my head. I guess I will change my kiwi password.

 

[Colress]

everything i use is useless anyways, so w/e

 

[Chappy]

Not at all tech-savvy here. Do I even have to bother changing any passwords if this is just a throwaway account? I mean what use is a password if you don't even have an account for it?

 

[Sir Walter Raleigh]

I know why my eBay account just bought three dozen Sonichu medallions now. Is "deagleoscarwinnernewkaufman" a secure enough password?

 

[Don't Call Anybody]

Listening to xkcd my professors finally paid off!