Suggestion Let user's know their password was stolen

Discussion in 'Forum Feedback' started by Aikar, Dec 7, 2015.

Thread Status:
Not open for further replies.
  1. Offline

    Aikar

    Hello,
    Why has Curse not let Bukkit users know that the forums were compromised for a few months and that everyone who logged in during that time had their actual password stolen?

    See: http://maxkorlaar.com/post/31

    This has been verified to be true:
    view-source:https://web.archive.org/web/20151001182740/http://bukkit.org/

    Search "authXen". This is same attack that hit Hypixel and Linux.org:
    http://www.linux.org/threads/possible-breach.8589/

    Users of these forums have the right to know that many passwords were stolen in clear text - not just a hash.

    So Bukkit Users, if you logged in from August 15th~ to Nov 15th~, consider your password stolen and change it and any other website you used it on.

    and stop using the same password in multiple places.
    http://keepass.info
     
  2. Offline

    timtower Administrator Administrator Moderator

    Thread is locked to avoid attacks.
    Update and announcement are on their way.
     
Thread Status:
Not open for further replies.

Share This Page