Waffles database hacked?

**KalPenn** · 08.04.09, 09:56

Just got this security notice today.

We believe our database may have been potentially compromised. Although the passwords are strongly encrypted, to be on the safe side, we still suggest all users change their passwords.

Edit: Just a heads up, we plugged the hole that allowed this to happen.

Edit 2: It is advisable to change your passkeys - you can now do this yourselves (for a limited time) in your profile.

**anonftw** · 08.04.09, 21:06

I read that too and it makes me very curious. They recommended that you change your passkeys, but not your passwords, therefore someone has been sniffing/hacker the tracker. But, if this true, how did they find out ? ...and even more crazy ...how long did it take them to do so ? I don't actually expect answers to these questions. lol But if makes me very curious !

**anon** · 08.04.09, 21:08

Originally Posted by anonftw

They recommended that you change your passkeys, but not your passwords

They did advise you to do so:

we still suggest all users change their passwords.

They may have noticed they have been hacked when they saw an IP that wasn't any of the admins' accessing the database or administration panel in the site logs...

**Tinkle** · 09.04.09, 04:36

its shocking that sites like waffles ws a victim for hacking really unusual considering that they are damn strict about their database access so i surely think it may be someone from inside

**anonftw** · 09.04.09, 06:30

I have been following their forums, and although Admins have responded numerous times helping users change information, they have stated that no additional details about the "breach" will be given out except for the generalized statement.

**StealthLeecher** · 11.04.09, 17:25

Waffles NEWS:

Important Security Notice posted by Mr. J on Apr-08-09
We were not hacked. We were betrayed by a former administrator. One of his duties was maintaining backups of the database, and transferring the backups to our offsite system, in case of emergency. He misused that duty and privilege.

Because of his indiscretions, we felt it better to err on the side of caution, and have you all change your passwords and passkeys. We sincerely regret that this has happened, and assure you we have tightened the reigns on staff requirements.

If you're one of the people that use the same password everywhere, you may have to change the password for your email account. We only use IPs for site security, and do not link them with snatches, seeding, or the like.

Passwords are hashed, but since most people cock their head sideways when you say it's hashed, we called it encrypted. To the general public, it means all the same. Some passwords were salted, and some older ones were not. All new passwords are salted.

It is advisable to change your passkeys - you can now do this yourselves (for a limited time) in your profile

**anon** · 11.04.09, 19:06

Originally Posted by supercheater

Waffles NEWS:

Please put quotes between QUOTE tags. I have done it for you.

A backstabbing admin, who would have thought it... most likely that's why they originally didn't want to give more info.