Allow me to shine some light on this week.
As most of you know by now, we had some security issues.
An unknown group from Indonesia decided to try and hack/deface our website.
They succeeded in the first part, but (perhaps unfortunately) failed at the second part.
As such, we realised it only a week later than we should.
During an incidental check on the server to see if we could improve the website on any ground during the next “Maintenance Friday™”.
We found evidence of newly created files that could deface (remove the normal website and put a solid page in its place).
And even worse, scripts that could read out the entire server content and edit/remove files at will.
Including the config files where we store the database password for the website to work.
As such we had to assume that they managed to take a peek inside the database and got to YOUR data as well.
So an action was needed and together with Sergeant Dutch I’ve spent an entire evening trying to figure out what had to be done.
This resulted in a total purge of all passwords related to the TSU.
Not only the accounts we use to manage this site, but also social networks, databases server management tools.
And last but not least, your passwords.
We did this to make sure you would change your password, not only on our website, but also on the others.
We have no reason to believe the hackers went for your passwords, but in this case we’d rather be safe than sorry..
Over the last 3 days we’ve been in talks with our server host to get things more secure for all of us.
And to prevent this from happening again.
Because unlike what we stand for as TSU, this WAS NOT FUN!
Now I can imagine that this might sound like a surprise or not.
But be assured, we’ve only removed your password and found an easy way to get you back up and running as fast as possible!
- Click on this link to get to the “Forgot your password?” page.
- Insert your username or email address as well as the CAPTCHA Code and hit “Get New Password”.
- Check your email (even your spam folders) for any emails with the subject “[Toy Soldiers Unite] Password Reset”.
Keep in mind that sending/receiving the email might take some time.
- The email will contain a link that will get you back to the website and to a form with a prefilled password.
Feel free to use this password or fill in a different one.
Just keep in mind to make it as unique/random as possible.
- Conform the new password and you’re done.
You can now log in with the same username and newly created password
If the above is leading to any problems, feel free to poke me or Dutch over IRC or by using the contact form.
And we’ll do our best to get you back up and running as fast as possible.
We are very sorry for this inconvenience and hope for nothing more than your understanding.