- Joined
- Dec 29, 2002
- Messages
- 15,871
- Reaction score
- 1,898
- Pronouns
- He/Him
- Staff
- #1
Hello everyone,
Earlier this week, an intruder gained access to two staff accounts on Bulbapedia. That incident was quickly resolved, with the intruder quickly locked out of those accounts and all damage they did on the wiki being reverted. We do not believe at this stage that there is any continuing risk to Bulbapedia or to wiki users. That's not what I'm here to talk to you about however.
In our investigation of that particular incident with Bulbapedia, we uncovered evidence that our forums server (which is its own separate server from our wiki setup) had suffered a breach. At this point in time, we believe the Oekaki was the initial vector of attack. Though the Oekaki was running a current version of the Wacintaki Poteto software, the developer of that software has recently indicated that it is unlikely to receive further updates going forward, and as a result we were intending to decommission the Oekaki after New Year's. In light of its role in this incident, we have taken the Oekaki offline permanently. We have taken backups of all images posted to the Oekaki, and will be arranging a way for users of our Oekaki to download these in the near future.
To ensure user security, we will be decommissioning the current forums server and make a fresh start. While I say fresh start, I can reassure you that forums account and post data will not be lost in this process. However all blogs and social groups will be lost. While we will retain a backup copy of the current forums database with all that content, going through that to recover information would be time consuming, so I'd suggest you take a backup of anything there that you can't live without ASAP. And yes, there will be a mandatory password reset to go along with that. This server refresh was something we already had plans to do in mid-to-late November anyway, so this is simply us accelerating that process.
I will have more information for you all within 24 hours.
Earlier this week, an intruder gained access to two staff accounts on Bulbapedia. That incident was quickly resolved, with the intruder quickly locked out of those accounts and all damage they did on the wiki being reverted. We do not believe at this stage that there is any continuing risk to Bulbapedia or to wiki users. That's not what I'm here to talk to you about however.
In our investigation of that particular incident with Bulbapedia, we uncovered evidence that our forums server (which is its own separate server from our wiki setup) had suffered a breach. At this point in time, we believe the Oekaki was the initial vector of attack. Though the Oekaki was running a current version of the Wacintaki Poteto software, the developer of that software has recently indicated that it is unlikely to receive further updates going forward, and as a result we were intending to decommission the Oekaki after New Year's. In light of its role in this incident, we have taken the Oekaki offline permanently. We have taken backups of all images posted to the Oekaki, and will be arranging a way for users of our Oekaki to download these in the near future.
To ensure user security, we will be decommissioning the current forums server and make a fresh start. While I say fresh start, I can reassure you that forums account and post data will not be lost in this process. However all blogs and social groups will be lost. While we will retain a backup copy of the current forums database with all that content, going through that to recover information would be time consuming, so I'd suggest you take a backup of anything there that you can't live without ASAP. And yes, there will be a mandatory password reset to go along with that. This server refresh was something we already had plans to do in mid-to-late November anyway, so this is simply us accelerating that process.
I will have more information for you all within 24 hours.
