devkitPro forum breach

Latest devkitPro news and announcements
Post Reply
WinterMute
Site Admin
Posts: 1369
Joined: Tue Aug 09, 2005 3:21 am
Location: UK
Contact:

devkitPro forum breach

Post by WinterMute » Fri Feb 08, 2019 2:46 am

As you may be aware, the devkitPro forums were breached on Sunday 3rd February and unfortunately the attacker stole the forum database and deleted the data from the server. The database contained user emails, all the forum posts, including private messages, profile information which may include user websites and social media accounts. The passwords in the database are hashed and salted but may still be vulnerable to dictionary attacks. No other data on the server was accessed and the pacman packages remain safe - the signing keys for those are only kept on developer's personal machines.

Unfortunately I used a weak password on my forum account which was shared with my reddit and gitlab accounts, both of which were accessed and deleted.

We have now restored the database, upgraded phpbb to the latest 3.2.5 and reset all user passwords. You'll need to use the forgotten password link to regain access to your account. We recommend resetting passwords on other accounts you may have and, if possible, enabling 2FA where you can.

If you have trouble getting your password reset please feel free to contact us by any of the methods found at wiki/Community_Portal or indeed by emailing me on [email protected].

We apologise for the inconvenience caused and sincerely hope that any damage was limited to the devkitpro forums and my own accounts.

Dave "Wintermute" Murphy.
Help keep devkitPro toolchains free, Donate today

devkitPro IRC support
Personal Blog

sverx
Posts: 94
Joined: Wed Aug 12, 2009 2:56 pm
Location: github.com/sverx
Contact:

Re: devkitPro forum breach

Post by sverx » Fri Feb 08, 2019 9:51 am

Everybody that had shared the same password on this forum and others places please change your passwords NOW

Thanks Dave for setting this up again :)

WinterMute
Site Admin
Posts: 1369
Joined: Tue Aug 09, 2005 3:21 am
Location: UK
Contact:

Re: devkitPro forum breach

Post by WinterMute » Sat Feb 09, 2019 7:16 pm

Dumps of the forum database containing usernames, emails and the hashed/salted passwords have been uploaded to pastebin and anonfiles. Please make sure you change all your passwords and enable 2FA if possible. If you know others that may have been affected then please point them to this thread and emphasise that they need to think about their password security.

Consider a password manager like https://haveibeenpwned.com/1Password or even the Chrome built-in manager if paying for this service doesn't appeal. Memorable passwords are risky.

Plug your password into https://haveibeenpwned.com/Passwords and check if it's been pwned.
Help keep devkitPro toolchains free, Donate today

devkitPro IRC support
Personal Blog

Post Reply

Who is online

Users browsing this forum: No registered users and 1 guest