As many of you know, we suffered a data breach on Tuesday August 6th. Our website and backend were attacked, resulting in punishments and sessions being wiped, and our forums being overwritten with posts by Rainoboy97, an ex-stratus developer. Many members of the community, including ourselves, were quick to jump to conclusion given that Raino had been demoted when he left the staff team.
We immediately shut down the network to prevent any further potential attacks, and ALM began restoring a backup he had from earlier in the day. During this process, we reset all access keys & passwords used across the network. We started to investigate the incident, and quickly discovered that no evidence pointed to Raino being involved in any way. It is likely that he was either framed (given we had demoted him) or that in resetting the forums, his username was selected as a default, as he was the dev who initially set up our website.
After restoring the backup and network, we continued to look through all potential security flaws, and thanks to Yoyo_ , we discovered a vulnerability within the website from when it was open-sourced that would have made this kind of attack possible. This issue has now been patched, and we will be privately contacting others who use this code to help them secure their sites.
Now, onto data:
During this breach, we are confident that no data of any kind was downloaded or uploaded, and therefore can confirm that there is no tangible risk of emails or IP addresses being leaked in mass. However, as this information was visible to those with access, there is a chance that specific users could have been targeted and have had information copied without our knowledge. We salt and harsh our passwords, but IP or email information could have been copied as they are decrypted to be visible on our Sessions pages and in your account information.
We recommend that first, you ensure your password is not shared on other services - this is a good, basic security practice that all should follow. Next, check your email address on haveibeenpwned.com - if your email is listed as having been exposed, we recommend you take security precautions by updating your password and/or enabling two-factor authentication. Lastly, and this relates closely to this specific incident: if you think you are a likely target of a DDoS or similar IP-based attack, take steps to change your IP address if it is not dynamic. A reminder that all forms of DDoS or other IP-based attacks are permabannable offenses, and we are able to report users to their local authorities for these offenses, as they are illegal.
It's just that someone publicly added the keys to the public GitHub repository to a file called
secrets.yml, which always supposed to be secret in the first place, which they would've known if they learned Ruby On Rails. It's not some incredibly obscure exploit, this is an actual human error that one of the Stratus devs did by accident.
Log in to reply to this topic.