Follow along with the video below to see how to install our site as a web app on your home screen.
Note: This feature may not be available in some browsers.
Have you found the hacker yet?NOTE: From what we can see in the logs, NO USER INFORMATION WAS ACCESSED OR CHANGED!
Here's a high-level of what happened over the last hour:
Again, from what we can see in the logs, NO USER INFORMATION WAS ACCESSED OR CHANGED!
- At 11:07 am PST, we saw some really odd stuff... a bunch of threads were "soft deleted" (basically, they won't show up for members, but they are still in the system).
- After some quick investigation, we discovered one of the moderator accounts was accessed by an unknown person who started to mass-delete threads.
- Our team QUICKLY moved into action and:
- Blocked the moderator's account
- Forced all other moderators' accounts to new passwords
- Started the process of "undeleting" the threads
UPDATE: To clarify, moderators can NOT access Private Message conversations, passwords, etc.
We have limits on what our moderators can see / do, and fortunately those limits proved themselves very effective in this situation
Also, pretty much everything and anything a moderator does, can be completely undone by me
In the 15 years I've been running forums, this is the first time this has happened. That said, we're going to keep digging deeper into this to figure out what went wrong, and what needs to be done to prevent it in the future! For example, we will require all our moderators to use "2 factor authentication" moving forward. Usually this is only really important for Admins, but we want to add this additional layer for even more protection!
Thank you for everyone's patience as we worked through this, but a HUGE THANK YOU to our amazing team (especially @DuckLady) for such speedy response and help!
This is all a VERY good reminder to everyone:
- Use a unique password for all sites... i.e., don't use the same password for multiple websites.
- Use a password that is complex
- Change-up your passwords from time to time
I did too!Thanks for posting this! I got a notification that was very rude with profanity. This explains it!
I would be up to my neck in poop without BYCPlease no lol I need byc
Interesting, I didn't know that, thank youI just enabled 2FA for my account. If you're concerned about the security of your account, it's available: https://www.backyardchickens.com/account/two-step/
You just need an app like Google Authenticator, that's what I use. It generates a code that must be entered in addition to the password.
They are desperate too attack and anyone will do.This is exactly what I thought! Why, of all the forums on the internet, would anyone want to hack a chicken-keeping forum?
Even if someone was doing it for entertainment... why a chicken forum of all places? I find it to be pretty funny.