Please change your password - S-P DB hacked
Today the Style crew found out that the Style-Productions.net database has been hacked earlier.
The hackers obtained e-mail addresses and password hashes.
It seems they have been unable to crack the password hash so far, so your password might be somewhat safe, but not very safe.
What we have done so far:
- Done 2015: We fixed several SQL injection vulnerabilities that would allow to access the database, however that was too late already.
- Done 2016-02-25: Further improve the password hash function to make it even harder in the future.
- Done 2016-02-25: Revoke admin access for all admins and only re-issue it on a per-need basis.
- Done 2016-02-25: Reset all user passwords and require them to set a new one using the password recovery page.
- In progress: Inform all users by mail if possible (stats).
Notification stats are linked in the news above, so far we are at 70% (sending mails to the queue since early morning), however even when it shows 100% it will take a few hours until the mail queue is empty.
Last changed: 26. February 2016 21:03