Yesterday an admin account was compromised within the Technic Platform software we use. Our servers, databases and other assorted 'very important' things were NOT compromised, only the internal software we use to administrate the Platform itself.
The result of this was someone used the admin account to grant a brand-new account admin access, and then went around deleting packs and changing emails to accounts. Immediately this was noticed (you can’t just delete the most popular user-created modpack of all time) and the servers themselves were shut down by me. Thus, the 503 page everyone saw for the last 12+ hours.
I want to be clear that our passwords are hashed and salted and can’t be accessed from the Platform software. An admin can change passwords but can’t see what the current passwords are.
The result of this now is that the last day or so has been erased from the Platform’s memory and it thinks it was around 24+ hours ago. Our security has been re-done and now we offer various features. The most important one would be 2-factor authentication. It’s available for any user in your profile page if you’d like to use it (and I’d suggest you do if you run any sort of business ventures with your modpack/servers). As far as another issue happening like this it should be very unlikely as admin accounts within our software can no longer admin other admins which prevents specifically what this attack did.
As for why we were attacked? There is a lot of money that is moved around because of the Platform. While we at Technic don’t run servers or accept donations, server operators use the Platform to serve their customers. Because of this there is real value that can be targeted when it comes to modpacks, servers, rankings and the accounts attached to them.
Thanks for all your guys’ patience with us as we dealt with this issue. We’ll be keeping an eye out as always for anything weird that happens and hopefully have prevented other attacks that use this avenue.