Bad news first
Unfortunately, the attack has some permanent consequences:
- Threads started after Feb 6, 2011 are lost. However, I was able to recover all individual posts up to the day of attack. These posts have been merged into a single 'Lost + found' thread in each forum, which means that at least all content is still accessible. The post chronology is not necessarily correct (but makes sense in many cases).
- Any private messages sent after Feb 6, 2011 are lost.
- The attacker has put the user account information from our database on the web. See below ("Is my identity stolen?") whether this has consequences for you.
The attacker has placed confidential information stored in our database on the web, including e-mail addresses and so-called MD5-hashes of login passwords. It is possible but non-trivial to recover the original password from such a hash. I'm not keen to put a link here to the web site that hosts the leaked data, but if you want to know exactly what information of yours has been disclosed, e-mail me and I will show you. Furthermore I recommended everyone to change the password you use for .MAP. If you use the same password for other websites/services, I recommend changing your password there as well.
But wait, there's also some positive things
- I was able to identify vulnerabilities in the site software and fixed them. Duh, that's a bit late, but anyway
- No tutorials or map reviews were harmed in this attack.
- We now have all new, shiny forum software with a new look and lots of new features (I presume). One of the cool things is that you can now upload attachments to your posts. I'm sure there are many more amazing new features but I couldn't be bothered to list them
.
Now, show us what you've been working on while .MAP was down
