https://forums.alliedmods.net/announcement.php?f=130&a=49
This week we discovered a data breach that affects all our registered users.

On June 7th we discovered some anomalous files on our webserver, and
began investigating where they came from. From what we can tell, on
March 16th, an administrator's account was accessed by an unidentified
attacker. The attacker used an obscure feature in the forum control
panel to upload arbitrary code to our webserver. Then, the attacker
downloaded a portion of the forum database. The breached data contained
three pieces of information:

* Account names
* E-mail addresses
* Hashed passwords
* Last login IP address

Unfortunately our forum software (vBulletin) used a password hashing
scheme that is considered insecure by modern standards. We are therefore
recommending that all our users change their passwords as soon as
possible. If your AlliedModders password was used on other services, we
recommend that you change your password on those services as well.

We do not believe the attacker compromised our systems in a way that
would expose private messages, plaintext passwords, real names, or
otherwise intercept private traffic. We also believe the March 16th
incident was isolated in nature. Nonetheless, it is serious enough to
warrant immediate action.

We are deeply apologetic for this incident - it's a black mark on what
had been a perfect track record for over ten years. As a result we've
attempted to identify and address each of the weaknesses that
contributed to this attack. In particular:

* We have modified vBulletin to use more secure password hashing
  (bcrypt, instead of md5).
* We are now restricting the privileges of all administrator accounts.
* We have restricted vBulletin's file system privileges and added
  intrusion detection.

Again, we apologize for the inconvenience. If you have any questions,
please contact us [email protected].
-David Anderson