Good Afternoon!
-
Good Afternoon!
Yesterday, after meeting for several hours with Network Solutions (our domain registrar), they finally agreed to our demands to lock our account and revert changes made to our domain nameβs NAMESERVER configuration. This lock also prevents anyone from signing in and making further changes. A fraud investigation has been launched on their part, and upon conclusion, our account will be fully released to us and we will receive more information on how this hijacking occurred. Our domain is directing traffic correctly.
While the bad actor was in control of our domain between Tuesday, August 20th at 12:47AM ET and Wednesday, August 21st at 2:28PM ET, they redirected our traffic to other websites and they set up an email server to receive any emails that were sent to any of our furaffinity.net accounts. If you sent any emails to our furaffinity.net accounts during that time, then the bad actor has those emails, we did not receive them, and you should act appropriately to secure and protect your information. Furthermore, any emails sent from furaffinity.net during that time would have been sent by the bad actor and should not be trusted. The bad actor never had access to our actual email accounts, any previous emails, nor data we have previously received.
It is important to stress that the Fur Affinity web server itself was never compromised, and the bad actor never had access to any private information therein such as our user and server data (It's as if someone stole your home address and had your mail and visitors routed somewhere else. Your house and everything inside is fine, only the address and incoming/outgoing mail were affected). As a precautionary measure during the incident, we invalidated all current login sessions and you will need to log back into your account.
FUR AFFINITY IS NOW ONLINE AND MAY BE ACCESSED SAFELY!
Furthermore, as of last night (August 21st at 9:53PM ET), we have regained access to our Twitter account, and with the help of Whanos, reclaimed our username (@FurAffinity). And as of this morning (August 22nd at 10:45AM ET), we also secured Dragoneer's personal Twitter account.
We have also been made aware of various sources claiming to have identified the bad actor responsible for this attack. We have no way to verify that these accusations are accurate, but will continue to share all information with the FBI. With that said, we want to remind everyone that we have a zero-tolerance policy toward harassment, no matter the circumstances. Recently, there have been instances where speculation has led to individuals being harassed, even if they have no proven connection to the incident.
It is important to note that Fur Affinity, with direct insight into the situation, has not conducted its own investigation. We are leaving that responsibility to law enforcement. Speculation only spreads misinformation and causes harm, so please be cautious about what you share or believe online.
We kindly urge everyone to avoid engaging in further speculation or harassment. It is the role of law enforcement to determine the facts and make decisions, not ours.
Finally, we want to extend our deepest gratitude to all of you for your unwavering support during this incredibly difficult time. Your kindness, patience, and understanding have meant the world to us as we've navigated these challenges together. We are committed to continuing to foster a creative and welcoming environment for all, and it is your strength and solidarity that make our community truly special. Thank you for standing with us.
-
@KinkyKobolds Iβm really missing a warning to change your password if you logged in during the hijack
-
@mizah Yeah. During the domain hijack, the attacker could have theoretically stolen the credentials of anyone who attempted to log in. Even if the site database wasn't compromised, it's probably a good idea to change your password just to be safe.