FA+
Shop
TroubleTickets, password leak
9 years ago
Hey fellow tails,
as it came to my attention recently, Trouble Tickets have been leaked from FA's database.
Looking at the leaks, all TTs up to 4th of May 2016 were leaked, including confidential information within them which were meant for admin-eyes-only.
I don't know if I am allowed to place any links here, but there is a thread on 8chan's furry board regarding the leak, so if you are curious you can probably find it yourself.
I want to remember people that FA is unfortunately target to hacking rather often as it seems, and with hackers having been successful in the past more than enough times, please keep confidential information out of notes and TTs, they are not safe there!
I've disabled notes for these reasons mainly a while ago, so if you want to talk to me in private please reach me via e-mail.
Edit: appearently passwords & hash & salt were leaked, too. I am unfamiliar whether these password leaks are new or are still the same from the leak last time, but I recommend changing passwords just to be on the safe side.
So long and best,
Pranko
as it came to my attention recently, Trouble Tickets have been leaked from FA's database.
Looking at the leaks, all TTs up to 4th of May 2016 were leaked, including confidential information within them which were meant for admin-eyes-only.
I don't know if I am allowed to place any links here, but there is a thread on 8chan's furry board regarding the leak, so if you are curious you can probably find it yourself.
I want to remember people that FA is unfortunately target to hacking rather often as it seems, and with hackers having been successful in the past more than enough times, please keep confidential information out of notes and TTs, they are not safe there!
I've disabled notes for these reasons mainly a while ago, so if you want to talk to me in private please reach me via e-mail.
Edit: appearently passwords & hash & salt were leaked, too. I am unfamiliar whether these password leaks are new or are still the same from the leak last time, but I recommend changing passwords just to be on the safe side.
So long and best,
Pranko
Yeah, e-mail is safer!
I remember last time the website was hacked, it was not made public immediately and at first announced that nothing was at risk, when in actuality, passwords were stolen and people had accounts linked to their FA e-mails FA breached in (like facebook and LinkedIn)
#JustFAthings
I recommend using a seperate e-mail and a seperate password for FA.
I know FA's had its issues...SEVERELY, and insanely....And because of the attack, it's more than possible this could be data gathered at that time.
Thankfully, I don't use the note system, and all ready was using e-mails, so, it was easier.
As for the leaked TTs, I don't remember reading about it previously, so that might be something new, but since they date only up to May 2016 they were probably part of the leak, just not made public earlier?
Yeah, I find it easier to organize e-mails especially when it comes to keeping track of commission information and who already paid what and which was last progressed and processed and so forth.
I think I sent in like 4 TTs over the years or something, most of which were bug reports.
I consider it safer to assume the password leak is from this year and change my current password than running into the dangers of having my account compromised.
The leaked passwords also appearently have been seperated from their usernames, so the majority of people looking at the hashes with the salt won't know what password belongs to which user, but at least one person knows (the one who provided the leaks), and one person can do a lot of damage. So I'm playing it safe by changing my password and I recommend everyone else doing the same.
You know, just in case.
Yep, the larger (largest?) attack to the site was in May 2016. There are .onion sites ever since where you can buy the stolen data, which are password x email x username pairs S:
I must say ever since I had a step-up in security too.. using individual passwords everywhere. That along with regular password changes and at best email changes are the best way to stay secure ^^
Also, not defending fA here.. buut sites getting hacked are kinda regular. The less money they have or the more interesting data they have the more likely it happens. Happened to big ones, like Dropbox or Patreon (3 times? already) too owo.
Sometimes it just happens~ (keyword heart bleed exploit, which was affecting oh so many databases a few years ago)
I'm using a seperate password for FA now, yeah.
Oh yeah, adobe and other places got broken into, too. Hahaha the heartbleed exploit was so bad and affected so many websites and accounts, yeah!
I guess it's the aspect of furry, people hating FA/Neer and generally the drama that makes FA a target? Idk, just assumption.
I guess the thrill comes from the challenge behind it. It's like solving a puzzle - there is instant gratification and a real "I DID IT!" moment - not that I can speak from personal experience, I couldn't even code my own tumblr page haha, but I did puzzles before!
I guess those who have been burned by leaks are more careful now, but I imagine especially naive people may not spend a thought about their data going someplace else but the confines of the adminstrative team
What gets me is why would anyone trust data to the FA admin team, it's not like they don't have a history of some seriously shady individuals being hired.