Blog & test server compromised

At approximately 3pm GMT today, unauthorised access to the server which runs our blog was detected.  In response to this we shut it down and began investigating.  Later today, at around 8pm GMT, we shut down our IRC services after it became clear that several pieces of backed-up data had been accessed maliciously from another server. We now know this data included:

* The personal information of 9 Mibbit operators including their names, accounts and e-mail addresses
* A backup of nickserv data from April 2011 with up to 10,000 user nicknames and their credentials
* Two sets of backup data for one operator user account's PMs and channel logs, used for testing

Currently we are working on securing and restoring the affected services.  We are treating this as a significant and malicious attack on our services which impacts our users and which has placed user data at risk.  If you have a registered nickname with Mibbit, we advise you to review your use of those credentials.

This attack affects only our Blog, Wiki and our IRC services including Nickserv and Chanserv (Anope).  This attack has not compromised the Mibbit client or the Widget, nor has it resulted in general channel or PM logs being made available. The main Mibbit client account log-on system has not been compromised, and Mibbit user profile data has not been accessed maliciously.  These live systems remain operating as normal.

We do advise all users who registered either a nickname or a channel on our network and who have not changed passwords in recent months to review the use of passwords on other systems if the same or similar credentials are used, and further, to take appropriate action to review and change access details on those systems if necessary.  It is expected to be some time before Nickserv and Chanserv are fully restored. When they are back, there will be remedial action required for users to be able to recover nicknames and channels.

We are continuing to work to remedy this situation and bring affected services back online as quickly as possible.  Please accept our apologies for the disruption, inconvenience and difficulty this attack has caused to you and your users. As we have updates about the attack, the backup data which was stolen from tools.mibbit and the next steps to recover services, we will share them via the blog and the #help channel.
