Moderator Account Accessed By 3rd Party

[Nifty-Chicken]

NOTE: From what we can see in the logs, NO USER INFORMATION WAS ACCESSED OR CHANGED!

---

Here's a high-level of what happened over the last hour:

• At 11:07 am PST, we saw some really odd stuff... a bunch of threads were "soft deleted" (basically, they won't show up for members, but they are still in the system).
• After some quick investigation, we discovered one of the moderator accounts was accessed by an unknown person who started to mass-delete threads.
• Our team QUICKLY moved into action and:
• Blocked the moderator's account
• Forced all other moderators' accounts to new passwords
• Started the process of "undeleting" the threads

Again, from what we can see in the logs, NO USER INFORMATION WAS ACCESSED OR CHANGED!

UPDATE: To clarify, moderators can NOT access Private Message conversations, passwords, etc.

We have limits on what our moderators can see / do, and fortunately those limits proved themselves very effective in this situation

Also, pretty much everything and anything a moderator does, can be completely undone by me

In the 15 years I've been running forums, this is the first time this has happened. That said, we're going to keep digging deeper into this to figure out what went wrong, and what needs to be done to prevent it in the future! For example, we will require all our moderators to use "2 factor authentication" moving forward. Usually this is only really important for Admins, but we want to add this additional layer for even more protection!

Thank you for everyone's patience as we worked through this, but a HUGE THANK YOU to our amazing team (especially @DuckLady) for such speedy response and help!

---

This is all a VERY good reminder to everyone:

1. Use a unique password for all sites... i.e., don't use the same password for multiple websites.
2. Use a password that is complex
3. Change-up your passwords from time to time

 

[Nifty-Chicken]

BTW, we want peeps to be mindful of what they post in this thread. Please no screenshots or details of messages you received. If you have questions related to your specific account, please send me a private message.

All general questions (applicable to the site / all users) can be addressed here.

 

[Isadora]

Thanks for posting this! I got a notification that was very rude with profanity. This explains it!

 

[Chickenwingwing]

Phew, that was crazy! Happy the threads were recovered

 

[MissE]

When you find the hacker, can you record the public flogging? Pretty please?

 

[Nifty-Chicken]

Fortunately these situations are rare, and BYC isn't really a huge interesting target. Often it's just someone bored or trying to take advantage of information they accessed elsewhere.

Also, while it was a bit of a anxiety-inducing / heart-attack situation for a while, once we narrowed it down to just one moderator account... and that the account (like all moderators) has limited access to information, access, etc., then we were considerably less worried and stressed... and the solution(s) were really straight-forward

 

[Nifty-Chicken]

UPDATE:

To clarify, moderators can NOT access Private Message conversations, passwords, etc.

 

[FluffyBottomBantams]

Any idea how many threads were deleted?

 

[PippinTheChicken]

That was weird! Gladly I didn't get any notifications!!! Thanks

 

[Nifty-Chicken]

It doesn't look like anyone or anything was targeted specifically... just a person accessed the account and immediately started deleting threads as quickly as they could before we shut them down.... which we did very quickly

It's kinda like how a thief robs a convenience store. They try to do as much as they can as quick as they can before the police get there.