We are currently responding to a potential cybersecurity incident.
We are writing to you because of an incident involving access to information associated with Sindome’s database. Although we are unaware of any actual misuse of your information, we are providing notice to you and other potentially affected members about the incident, and about steps you can use to protect yourself against the intrusion and misuse of personal information or accounts.
We were informed on 9/27/2022 that a development instance of our database from early 2022 (which contained production data) experienced a potential intrusion the extent and nature of which remain under investigation.
A preliminary investigation has determined that former community members potentially used unauthorized and/or escalated privileges to gain access to Sindome’s database & code without proper authority or consent of Sindome.
Account information that was potentially exposed: IP Addresses, Encrypted Passwords, Email Addresses.
While it is unknown the exact extent of the unauthorized access, Sindome has moved as swiftly as possible to address the problem once it became known, and we are actively taking steps to guard against something like this happening again.
Specifically, we have:
- Closed the known access points that were used for this unauthorized access and intrusion.
- Shutdown the development access of the parties believed to be responsible.
- Undertaken efforts to secure Sindome’s infrastructure and fix the vulnerabilities potentially used by the intruders.
- Formed a incident team to investigate how this happened. This investigation is ongoing and looks forward to working closely with law enforcement should it be warranted.
- Communicated to our members through this statement (with an email forthcoming) the need to change their personal password as soon as possible for their Sindome MOO account, and take active steps to monitor their account going forward. Sindome passwords are encrypted, but changing of each member’s password will assist in limiting the potential misuse of any account or information.
To Protect Yourself
What You Can Do! To protect yourself from the possibility of identity theft and/or account manipulation, we recommend you immediately change your Sindome account passwords, and report any suspicious activity to Sindome administrators. Do not reuse passwords across accounts. If you use your Sindome password anywhere else, you should change that password.
There have been no known misuses of personal or account information at this time. To report any problems, please use the contact information listed below. If you have questions pertaining to the incident, please also use the contact information below.
To contact a Sindome system admin please contact: [email protected]
Additional Info based on questions received:
- This affected a development instance of the MOO and its database. The website was not affected.
- You can use @password in the MOO to change your password.
- If your account is less than ~6 months old, this would not impact you as your MOO account would not have existed in the development instance.
- If you do not have access to your MOO account because you are suspended or banned, just make sure you change your password anywhere else you have used it. We have already cleared your password in the MOO.
(Edited by Slither at 5:02 pm on 9/28/2022)