09:30: I opened an E-Mail about a potential data breach, including samples (email and hashed passwords), got in contact with the sender to proof the data.10:05: Website has been taken offline to prevent further access. ![]() 10:17: Changing SSH- and Database passwords again (134bits, as usual).11:35: Reporting to the local data protection authority ().19:00: Still analysing the data, comparing users and timestamps, also hoster prepared the e-mail server for sending out the information mail.Information-Mail goes out to all records from the dump, soon. Last email entry has "" as registration date. 02:00: The dump contained only "email:password" (some are hashed and some are dehashed only) but not in chronological order so we had to rearange the records first while mapping them to the affected database.08:00: Start sending out mails to all addresses contained in the leak.10:32: Our hoster scanned our site but found no known security hole.Getting A LOT of bounces back, but also kind replies. ![]() We will bring back all the materials as before for free, but the community features and personal data wont come back. Between the bounces we receive also some very kind replies.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |