We are currently investigating an attempt to download the entire userlist. Until this is finished there will be no one except myself with admin access at @DanniLikesNaps request.
I would strongly recommend changing your passwords as a precaution although there is no way they could have been accessed.
Wow, that’s pretty messed up. I can’t imagine what someone would want to do with the whole userlist. Thanks for keeping everyone in the loop Anthony!
I can think of three possibilities.
- A hacker looking for new victims
- A former staff member trying to gain a list of emails to try and steal members with the help of a current staff member
- 2, but it’s just a current staff member.
Currently available evidence seems to suggest it is either 2 or 3. That is why all API keys, moderator access, and admin access (except for @Anthony) was revoked while I investigate.
I didn’t want to go this route, but it’s the only safe way to proceed at the moment.
I change my password, good luck with the investigation.
Okay, a quick update. @DanniLikesNaps has confirmed that this situation is way more complicated than we thought but that it was not a staff member who triggered the download. Staff accounts will have their moderator/admin status reinstated as soon as they have enabled two factor authentication.
This functionality is available to all users, but mod and admin accounts must use it now.
I’ll note that even after my access is restored I’m on under doctors orders to relax, so I might not be around much. For the next week or so. Bad lung infection and covid
Get well soon, Mr. Owl! Rest, read a book, and most importantly get lots of sleep, because that is when your body heals.
Noted and thanks for the heads up. Passwords changed.
Hey folks. In case it’s not obvious there’s been some issues. I’ll be posting an updated post soon with more info about what happened with this issue and some other things that need to be addressed.