As you have no doubt noticed by now if you're reading this thread we got breached last night.
First and foremost I want to make clear that No user data has been stolen, only deleted. Your passwords are safe, however it is always good practice to change your passwords after any sort of breach!
What happened?
Last night one of Furrypile's admins had their account compromised due to a data breach of another website.
The person that did this was targeting another staff member. Both of these staff members have had their accounts disabled until I can personally verify with them that they have regained control and properly secured their accounts.
They defaced staff accounts, the website, deleted random users entirely, sent out mass emails and deleted all the forums and posts. Basically everything that their admin access allowed them to abuse they abused.
Backups?
Furrypile used to be backed up on a daily basis to my business google drive account. However as anyone active here has noticed, FP has taken a huge back seat for quite some time in my life due to getting older and getting more responsibilities in real life and all that jazz.
So I at some point switched from a business google drive account to a personal one, and never remembered to set up the backup system for FP again, the business google drive account is long gone. Effectively meaning there are no backups.
The restructure/plan/etc
First and foremost I want to make clear that No user data has been stolen, only deleted. Your passwords are safe, however it is always good practice to change your passwords after any sort of breach!
What happened?
Last night one of Furrypile's admins had their account compromised due to a data breach of another website.
The person that did this was targeting another staff member. Both of these staff members have had their accounts disabled until I can personally verify with them that they have regained control and properly secured their accounts.
They defaced staff accounts, the website, deleted random users entirely, sent out mass emails and deleted all the forums and posts. Basically everything that their admin access allowed them to abuse they abused.
Backups?
Furrypile used to be backed up on a daily basis to my business google drive account. However as anyone active here has noticed, FP has taken a huge back seat for quite some time in my life due to getting older and getting more responsibilities in real life and all that jazz.
So I at some point switched from a business google drive account to a personal one, and never remembered to set up the backup system for FP again, the business google drive account is long gone. Effectively meaning there are no backups.
The restructure/plan/etc
- All our licenses have been renewed thanks to our wonderful donators and the forums/server is almost fully updated. Some plugins still need an update but will get one asap.
- Hourly backups are set up and working.
- All staff besides @Calmcacil and myself have been removed. Those who want to stay will have to actually be active.
- New staff will be brought on in the coming weeks.
- All staff is now required to use 2-fa on their account (and honestly I would suggest all members enable 2-fa)
- The forums have been condensed to the essentials, new ones will be added over time based on suggestions.
- New themes, features etc are a possibility.
- Registrations are disabled for the time being but will be re-opened in due time.
