Technic Blog

Forums database breach

If you have an account on our forums or wiki, and are using your password somewhere else, change it immediately. You should still be fine, but this is a necessary precaution.
 
Our forums and wiki got compromised by an unknown third-party. On Friday a user warned us that our wiki was redirecting to some Chinese website. As a precaution, we took down that machine (forums + wiki) while we investigated the issue. Now, we are aware that a malicious unknown third-party injected a PHP shell in our server, most likely through a Mediawiki vulnerability. Upon further inspection, we discovered that the forum database had been leaked. For now, our forums and wiki remain offline, while we assess the situation and decide what to do next.
 
We apologize for this situation, and moving forward we will harden our security surrounding external systems, such as the forums and wiki.
 
Solder.io and Technic Platform (that includes the launcher) are not affected. Only the forums are affected.
Your Minecraft account is completely unrelated, so it's safe as well.

Comments

You must be logged in to comment. Click here to register a new account or log in.
Damn! Hope nothing will be lost for you guys. Good Job for having stopped them already.
appolon41mc 1 week ago
What do you mean? Don't you hash your passwords?
Anisic 1 week ago
They most likely do, but the hackers can intercept logins and passwords from machines they hacked.
Posted by Flipper31 1 week ago
Yeah, they hash all passwords, but do you want to take the risk?
Posted by Flipper31 1 week ago
Of course they do, but even the hash of a password, if given the right information that could be obtained from other sources, could be used to produce the correct password. Although that's a "pretty big 'if'", it's still better to be safe than sorry
Posted by macks2008 1 week ago
They had better salt and hash the passwords. Nonetheless, you don't want to take chances, especially if you reuse passwords or don't use a secure password.
snarfblam 1 week ago
The passwords are encrypted with bcrypt with a cost of 13 (possibly a different salt for every password but i'm not certain about that) https://twitter.com/PedroACunha/status/1069740224497020929 https://security.stackexchange.com/a/170147 https://en.wikipedia.org/wiki/Bcrypt
oscrx95 1 week ago
OMG
rip
KyroKrypt 1 week ago
press f to pay respects
KyroKrypt 1 week ago
Good job on reporting it right away! I received a message from haveIbeenpwned right away. I had an account at one time, but when I went to sign in, it said it couldn't find my account. I went ahead and created a new one and enable 2FA to keep it secure. I hope this won't conflict with any account for the forums once they're back up?
adamvan2000 1 week ago
literally the reason to block china from accessing your servers. How many good things come out of the network in china? that firewall is there to protect us not them.
Xyberviri 1 week ago
wow I had to make a new account because it said my email wasn't registered what's ironic is I didn't see this till today and haven't played Minecraft whatsoever until yesterday.
Tyronez 1 week ago
wut is the best modpack vote
Robotkid067 1 week ago
gg
Tdogo 1 week ago
I was wondering what happened to the forums! I admit, I was pretty mad that I couldn't access the site (because I was unaware of what was going on) - good on you guys for taking the right course of action! Hope it's not too much of a mess!
poot_n_scoot 1 week ago
i need a good modpack
Robotkid067 6 days ago
plz
Robotkid067 2 days ago
I recommend The Laboratory Revisited HQM
Posted by robombie2 1 day ago
marketinginfo
dmi99 17 hours ago