Thanks for responding. Hope my information is secure as you state. Can you please.. Just please do me a little favor.. Post a pic of yourself!
I would but the BBCode is broken so no images. Best I can do is an emoji:
People who took my advice and deactivated JavaScript in their browser for Dotabuff or even all sites can now reactivate it.
DB actually uses harmless JavaScript for calculating times like "5 minutes ago" and potentially more functions of the site.
Free dotabuff plus would help me sleep better at night knowing that all my valuables where compromised :)
Free dotabuff plus would help me sleep better at night knowing that all my valuables were compromised :)
Thanks for the info Jason, appreciate the post.
Keep up the good work
EDIT:
Had no idea you play wow :)
WoW became pure autism after BC after they started locking my accounts for using bot leveling.
That's a glorious beard JaySon - https://pbs.twimg.com/media/BlYdFPLCMAEDlVd.jpg
reminds me of
http://www.youtube.com/watch?v=15S0g8pG6HU
༼ つ ◕_◕ ༽つ Give Dotabuff Plus ༼ つ ◕_◕ ༽つ
ps. no wonder i found it strange i was logged out...any known (somewhat) user that posted the malicious content?
I dont wanna cause any panic but I am pretty sure we all got hacked due to dotabuffs lack of due diligence
only rational compensation is
༼ つ ◕_◕ ༽つ Give Dotabuff Plus ༼ つ ◕_◕ ༽つ
^
and a video of @jason pwning @lawliepop for fuckign around with the forums last time and banning multiple people (3x times me)
Por favor, se conecte para postar comentários.
Hi everyone,
Earlier today someone created a forum topic containing malicious code. They used an exploit in the BBCode library we were using to provide things like image-embedding on the forums, embedding Javascript that took action on the part of the user by creating a swarm of forum threads. We take things like this very seriously and I wanted to take a moment to explain some of the details behind the attack and how we've responded so far:
- The original posts containing the exploit were made about 6 hours ago. It took us a bit too long to notice the issue. We're primarily based in the US and the post was created in off-hours. We're working to address this through adding moderators to the forums to make sure things run smoothly at all times of day.
- BBCode has been temporarily disabled to prevent the issue from happening again. We plan to work up a bug fix, including very specific tests to make sure that this kind of thing can't sneak through again, and enable it once we're confident in the fix.
To put your mind at ease, we've also taken extra precautions to make sure your account is secure:
- There's a chance that the user may have tried to extract cookies from users who "triggered" the exploit. Out of an abundance of caution, we've invalidated user sessions for anyone who might have visited Dotabuff during the period where the exploit was active. If there's even the slightest chance that your session information may have leaked, you'll have automatically been signed out and will need to sign in again.
- We've audited user logs and have not found any instance where the attacker gained escalated privileges.
- We have no reason to believe that any of your personal information (such as steam account details, name, credit card, etc) were available. In fact, we don't store this information for exactly this reason: we don't need or want it, and we don't want to expose anyone to unnecessary risk.
I'm happy to answer any questions you may have.