Topic: Security Breach?

Posted under Off Topic

So I was watching a video on YT taking about the timeline/history of E621 and It got me thinking. What was the most recent or biggest security breach E621 has had? In the video the guy mentioned something big that happened in 2015 but didn't go much into detail. Who would possibly want to cause issues for such a lovely site? I mean it's a art archive after all, what would be the point?

I can't remember any actual security breaches in recent-ish e621 history (my past 15 years using it) - I think the "something big that happened in 2015" is when there was some sort of password failure and many people had to reset their passwords. (see topic #7246)

While not necessarily a MAJOR breach, a little over a week ago someone hacked someone else’s account and started spamming anti furry AI art, they’re deleted now but here’s the page for one of them if you’re interested

post #5029537

Having been admin at one point (I am no longer admin, nor do I speak for e621, it's just to put a little weight behind what I say), I do not recall there ever being a security breach, before or during my time, and I haven't seen one after my time either.
There may have been some issues with people's accounts getting compromised, but that's down to either the user having installed something they shouldn't followed by all their login credentials dumped to a pastebin like site, or just using a really weak password like "monkey" or "swordfish", but that's as close of a "security incident" as you can get. (The login portal does prevent people from credential stuffing, but theres a very rare chance that they get "lucky" with a very bad password)
At least when I was there, Kira kept the whole thing very secure, I'm confident they passed down the knowledge of keeping the servers secure to their successors.

afanofskulldogs said:
While not necessarily a MAJOR breach, a little over a week ago someone hacked someone else’s account and started spamming anti furry AI art, they’re deleted now but here’s the page for one of them if you’re interested

post #5029537

>Calls someone a zoophile

Can people get any new insults other than zoo and pedo? They sound like school kids calling people names. Literally "what's the worst thing I can think of? Call them that!" It's so old.

afanofskulldogs said:
While not necessarily a MAJOR breach, a little over a week ago someone hacked someone else’s account and started spamming anti furry AI art, they’re deleted now but here’s the page for one of them if you’re interested

post #5029537

Accounts get compromised relatively frequently, probably because of user error

Donovan DMC

Former Staff

lazydazydayz said:
Such as?

Using weak passwords and reusing passwords
We have not been compromised in any way to my knowledge, all compromised accounts have come from either weak passwords or more commonly leaked passwords from other websites
They take those passwords and usernames and try them somewhere else, chances are they will work because humans are lazy and use one easily guessable and memorable password everywhere, along with the same username
If the password is different, chances are they've shoved a number, a capital letter, or a symbol on the end and called it a day

lazydazydayz said:
Such as?

I think the vast majority of compromised accounts are usually because people reuse their username/password combinations, and were a member of another website that did get compromised. Of course there's the other classic user errors like installing malware, sharing their passwords with untrustworthy people, and improperly storing sensitive data. A lot of e621 accounts were compromised a while back and I believe it turned out to be people who had their data leaked from the LastPass breach and hadn't changed their password.

If e621 itself were actually breached, people would be compromising the admin accounts, not random users with barely any interactions on the website.

bdanimare said:
>Calls someone a zoophile

Can people get any new insults other than zoo and pedo? They sound like school kids calling people names. Literally "what's the worst thing I can think of? Call them that!" It's so old.

It's almost like a furry version of Godwin's Law.

...

...Dogwin's Law.

What Donovan said. ^ ^
Also adding to that, we've had a few users who have been compromised multiple times, because they didn't change their password after the first time. So the same compromised password got them twice, months apart. Which is... avoidable. I'm just saying.

It sounds like common sense but if you ever think your password has been compromised... don't keep using the same thing after you get your account back. Pick something new to use. Save yourself the trouble of repeating it all over again in the future. It's just a good idea, okay.

  • 1