To whom it may concern,
You may or may not be aware of the issues we have recently experienced at mcbans.com.
We would like to inform you that the security issues have now been resolved and any password information leaked is hashed (one-way encrypted) in the highest grade of protection available.
At the time, we were unaware of some of the more specific details regarding the attack and the data which was compromised. Now that the immediate threat is over and our damage report is complete, we have decided to release all the relevant information on what happened during the attack.
On 01/01/2012, MCBans became aware of a security breach on a server which contained our users’ personal information. The incident involving protected user information was the theft of a backup of mcbans.com which was made between December 2010 and April 2011 and was hosted on a remote server which then served as forums.mcbans.com.
This backup contained usernames, highly encrypted passwords (conforming to Internet guidelines), email addresses and up to 500 valid server API keys which are still in use. This information was gained access to by a group of malicious hackers through an exploit in an older version of our forum software.
We would like to stress that immediate action was taken to combat this leak of information by enabling an IP-Lock on compromised API keys and regenerating the keys of servers which were at high risk of attacks.
We recommend immediate steps be taken to protect yourselves from potential information breach harm by changing all passwords associated with mcbans.com and any other sites that use the same password as your MCBans account. If you change your password there will be no other implications of this attack.
MCBans.com has taken these steps to protect your, and others’ personal information from further harm or similar circumstances:
Initiated an in-depth business security evaluation.
Addressed operational and technological updates or changes triggered by the incident to improve confidentiality, such as (developing an in-house forum/switching forum to IP. B) and updating administrative policies and/or procedures.
Contacted all ISPs/hosts used to facilitate this attack. Most if not, all ISP’s/hosts have complied with our requests, and we will continue to ask for take-downs until we see fit.
Introduced a new team of System Administrators to overlook our infrastructure and ensure that everything is running highly optimized, and that our systems are secure.
Improved system-wide security measures to remove access to unauthorized parties to prevent this from happening in the future.
MCBans.com would like to sincerely apologize for the inconvenience and concern this incident has caused you. Your privacy is extremely important to us and we will continue to do everything we can to correct this situation and fortify our operational protections for you and others.
You may contact us with questions or concerns in the following ways:
By joining our IRC channel, #mcbans on irc.esper.net or webchat
http://*******/ynWF7A
By visiting our forums, forums.mcbans.com
By submitting a support ticket with us at support.mcbans.com
By contacting our team directly via email at
support@mcbans.com
Sincerely,
MCBans Administration
www.mcbans.com
this is exactly what we need...also god damn you McWork, I wanna go home and Minecraft!
