Account Recovery Progress
9 years ago
Just a note - I know a lot of users out there are still having issues getting back into their accounts, and I'm pretty much working around the clock to help every last person get back into their account (and responding to concerns and emails as I can). There is a bit of a backlog, but we've got multiple admins working on it.
I was able to handle over 1,000+ inquiries last night, and I'm burning the midnight oil trying to get everyone back into the account (I quite literally didn't get to bed until 10AM, and even cancelled a dentist appointment). I'll also be cancelling all Memorial Day plans to keep working on emails until we get a response to every last person.
Why are there so many emails?
For a lot of people, they've had accounts for 10+ years, gone through multiple emails and didn't update them. Or, in the old system, it didn't verify if there were typos or if the email was properly formatted. Others had .edu accounts, and once they left school the emails were gone.
But our goal is to get everyone back into their accounts, and by the power of Red Bull and the Sword of Omen... it will be done.
I know things are rough right now, but we're working around the clock (quite literally) to make security improvements and get everything up to par. I can't excuse what led up to the issue, but I can state that we are working to make things right and do our damnedest to fix the problems.
On that note, we'll have more information to share on our new code platform (yes, it's actually happening) in the future.
- Dragoneer
Thank you for all the work you've been putting in here. It certainly can't be easy and we all appreciate your work. I know I am sitting tight and awaiting the spot in the queue for help, and knowing you're keeping us in the loop helps a lot. Once I'm back in the works I know I'll be getting my submissions on the post and working to get more in to do more work to pay all the bills coming up soon. Thank you.
A big thanks to the working man.
Thanks for everything!
information up to date. Imagine if this happened to their
banking login
Appreciate the hard work man!
Again something for much much later.
YES
For artists you can ask for wip data, old saves and original docs (psd's and whatever), but for people who don't submit anything, i actually have no idea how you'd prove who's who.
So keep up the good work. While i'm a bit disappointed with the communication during and immediately following the attack, it's nice to see that you guys are still working to resume situation normal.
I'm not sure why everyone is freaking out about the e-mails getting out. Every time you e-mail someone, that's one more person that has your e-mail. If you conduct business over e-mail then every commissioner or artist you've dealt with would have your e-mail.
The only reasons I see to worry is if you use the same password everywhere, or if you are afraid of being outed as a furry.
Not your bank/paypal/whatever
Unless for some reason you only use One password for literally everything.
Which would be a Bad idea >.>
Appreciate the time and effort you and the staff are putting into the recovery. Hope you are able to get a bit of rest soon. :3
Definitely looking forward to the new code platform too. ♥
I'm glad to hear that you're taking care of yourself though! Your health is just as important. Definitely do your best though to still go through with your plans for Memorial Day. You'll deserve the time off when it comes around! Plus, it'll be a good way to just relax and clear your head for a day.
Much larger sites and companies have done worse handling with even more resources at hand. Your efforts are appreciated, Neer.
im not exactly familiar with fa trouble protocol where do i go about inquiring on how to get back my account or can i just do it here?
i feel kind of ashamed cause ive been on this site for 6 years and i still dont really know how anything works here
Also while I'm commenting. Any chance you can ask the coding types to re-add the "select all" button to the top of the subs page? It's a small thing that I miss.
Thanks for putting in the time to fix this stuff for people. I'm generally very skeptical with you guys these days, but I can see you're genuinely feeling bad about all this and wanting to do right.
The journal is here http://www.furaffinity.net/journal/7596241/ this worries me that they didn't link to the list or mention who the hacker was.
Regarding the list: There is a link floating around where the hacker uploaded the info, and all you have to do is enter a username to find out what email address was originally used to sign up for the account, what the most recently updated email address is, and how many users share that account's password. The password isn't listed, but it's safe to say they have it on hand in order to compare it to other accounts.
If you want the link, you can send me a note and I'll pass it along to you, along with more information about how I came across it. Administration seems keen on hiding comments with the direct link.
Great job on keeping different passwords! Honestly if it wasn't for my ex logging into my account without my permission a few months ago, I probably wouldn't have changed it until it was too late. I use different email addresses and usernames for different furry sites, but I used to use the same password. Glad I got scared straight before this mess happened!
That's not quite how it works. The way many systems do passwords is that they run the input password through a hash function - like a mincer that produces the same result with the same cut of meat every time - but, like a mincer, you can't work it backwards to get the original password. When you login, it runs what you put through the mincer to see if it's the same, and if it is, the site lets you in.
Nowadays you can test lots of different passwords quickly with the hash function, which means that most short passwords are easily identifiable if you know their hashes and how they were made. So many of the passwords are likely to be known now.
Even if you don't find out what the password was to start with, if you have the same password as someone else, the resulting hashed version will be the same, so you can just compare to see who else has the same hash. Ideally you also add some "salt" which differs for each account, to vary the result and avoid this situation, but maybe that wasn't standard at the time the password scheme was last updated.
[Technically having the same hash doesn't guarantee you share the same password, but in practice you probably do, because hashing methods are chosen to make such "collisions" rare.]
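An added example, not part of the comment above or of the site's code, showing why unsalted hashes let anyone holding the table count accounts that share a password, and why a per-account salt removes that signal. The account names and passwords are constructed, and SHA-256 and PBKDF2 are stand-ins chosen here; the page does not say which scheme the site used.

```python
import hashlib
import hmac
import os
from collections import Counter

# Constructed sample accounts; alice and bob reuse the same password.
ACCOUNTS = {"alice": "hunter2", "bob": "hunter2", "carol": "correct horse battery"}
ITERATIONS = 600_000  # deliberately slow, so bulk guessing costs more per try


def unsalted_hash(password: str) -> bytes:
    # Assumption: plain SHA-256 stands in for a legacy unsalted scheme.
    return hashlib.sha256(password.encode()).digest()


def salted_record(password: str) -> tuple:
    # A fresh random salt per account is stored next to the digest.
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify(password: str, record: tuple) -> bool:
    # Login check: re-derive with the stored salt, compare in constant time.
    salt, expected = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, expected)


def shared_counts(stored: dict) -> dict:
    """For each account, how many accounts carry an identical stored digest."""
    tally = Counter(stored.values())
    return {user: tally[digest] for user, digest in stored.items()}


def compare_schemes(accounts: dict) -> tuple:
    unsalted = {user: unsalted_hash(pw) for user, pw in accounts.items()}
    salted = {user: salted_record(pw)[1] for user, pw in accounts.items()}
    return shared_counts(unsalted), shared_counts(salted)


if __name__ == "__main__":
    legacy, hardened = compare_schemes(ACCOUNTS)
    print("unsalted:", legacy)   # reused passwords are visible as equal digests
    print("salted:  ", hardened)  # every digest is unique
```

With a per-account salt, the "how many users share this password" figure cannot be read off the stored table; it would take guessing each account's password separately.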
Because I want to change registered e-mail address.
Like each staff member does a little bit by bit and soon you'll catch up with it all.
Of course it could be harder than I assume. xD
But either way Kudos to ya!
Keep going you are awesome
And they completely isolate the fact that the admins are working hours on end, daily, sorting through thousands of accounts. And I bet they don't even thank the admin that put up with their shit.
#Dragoneer
so kudos to you!
I hope you can improve the site's functionality and security as soon as possible. I love this site and the community it has fostered.
You have my full support, for what little it is worth. You can do it!
Huge respect though, you're actually helping people yourself and not just getting the admins to do it. I actually think that's awesome.
I only just got access back myself, after the reset tool accepted my email address after rejecting it before. It's good to be back.
Just looking through their stuff makes me appreciate how much stuff you are doing for us, so again, keep up the good work and do not stress too much
Either way, thanks for helping all of us. We really appreciate what you've done for this community.
#FAForLife
Y'know, an email recovery system would have helped in a lot of cases with this. A few sites have those now.
Or... Y'know... An unmissable prior warning that passwords were gonna be reset.
Thank you for your effort dragoneer :)
And on a sidenote, I hope whoever was passing out the FA code gets an ingrown toenail.