Technic News

5 years ago

Forums database breach

If you have an account on our forums or wiki, and are using your password somewhere else, change it immediately. You should still be fine, but this is a necessary precaution.
 
Our forums and wiki got compromised by an unknown third-party. On Friday a user warned us that our wiki was redirecting to some Chinese website. As a precaution, we took down that machine (forums + wiki) while we investigated the issue. Now, we are aware that a malicious unknown third-party injected a PHP shell in our server, most likely through a Mediawiki vulnerability. Upon further inspection, we discovered that the forum database had been leaked. For now, our forums and wiki remain offline, while we assess the situation and decide what to do next.
 
We apologize for this situation, and moving forward we will harden our security surrounding external systems, such as the forums and wiki.
 
Solder.io and Technic Platform (that includes the launcher) are not affected. Only the forums are affected.
Your Minecraft account is completely unrelated, so it's safe as well.

Comments

You must be logged in to comment. Click here to register a new account or log in.
The chinese shall be banned from Technic, The chinese are hackers, They are blocked from this website prob by now but still they might not be.
Reply
Edwardplayz 3 years ago
goodi
Reply
lukgamesmitoo 3 years ago
ok
Reply
minkg0147 4 years ago
how could I submit my article here?
Reply
greenetelsea 4 years ago
I just lost a ~10 year account because of this breach. I really wish you guys emailed us because I would have updated my information right away if I knew the breach occurred. Because my information was the same as my Minecraft, they were able to take my account which has the transaction email on an email that was discontinued. Please send emails next time. I get that you guys caught it quickly but I never knew that it happened until 6 months later.
Reply
slapbox 4 years ago
they did email you. look 4 comments above yours
Posted by macks2008 4 years ago
i have a FML problem pls can fix it or ? thx
Reply
Black_Killer_PRO 5 years ago
The forums are now back again. All passwords have been invalidated, and an email explaining this has been sent out. You will need to reset your password before attempting to login on the forums.
Reply
Pyker 5 years ago
I'm guessing this has something to do with the continual downtime of the forums. But darn, can't believe it was leaked in such a way. Well, hope forums do come back and are working again.
Reply
NovaLynxie 5 years ago
plz
Reply
Robotkid067 5 years ago
I recommend The Laboratory Revisited HQM
Posted by Robombie 5 years ago
i need a good modpack
Reply
Robotkid067 5 years ago
I was wondering what happened to the forums! I admit, I was pretty mad that I couldn't access the site (because I was unaware of what was going on) - good on you guys for taking the right course of action! Hope it's not too much of a mess!
Reply
poot_n_scoot 5 years ago
gg
Reply
Tdogo 5 years ago
wut is the best modpack vote
Reply
Robotkid067 5 years ago
Best modpack: Life in the village: RMC edition
Posted by Edwardplayz 3 years ago
wow I had to make a new account because it said my email wasn't registered what's ironic is I didn't see this till today and haven't played Minecraft whatsoever until yesterday.
Reply
Tyronez 5 years ago
literally the reason to block china from accessing your servers. How many good things come out of the network in china? that firewall is there to protect us not them.
Reply
Xyberviri 5 years ago
Good job on reporting it right away! I received a message from haveIbeenpwned right away. I had an account at one time, but when I went to sign in, it said it couldn't find my account. I went ahead and created a new one and enable 2FA to keep it secure. I hope this won't conflict with any account for the forums once they're back up?
Reply
adamvan2000 5 years ago
press f to pay respects
Reply
KyroKrypt 5 years ago
f
Posted by MassiveAlexander12 5 years ago
f
Posted by Edwardplayz 3 years ago
rip
Reply
KyroKrypt 5 years ago
OMG
Reply
emanuelvsm2009 5 years ago
The passwords are encrypted with bcrypt with a cost of 13 (possibly a different salt for every password but i'm not certain about that) https://twitter.com/PedroACunha/status/1069740224497020929 https://security.stackexchange.com/a/170147 https://en.wikipedia.org/wiki/Bcrypt
Reply
oscrx95 5 years ago
They had better salt and hash the passwords. Nonetheless, you don't want to take chances, especially if you reuse passwords or don't use a secure password.
Reply
snarfblam 5 years ago
What do you mean? Don't you hash your passwords?
Reply
Anisic 5 years ago
They most likely do, but the hackers can intercept logins and passwords from machines they hacked.
Posted by Flipper31 5 years ago
Yeah, they hash all passwords, but do you want to take the risk?
Posted by Flipper31 5 years ago
Of course they do, but even the hash of a password, if given the right information that could be obtained from other sources, could be used to produce the correct password. Although that's a "pretty big 'if'", it's still better to be safe than sorry
Posted by macks2008 5 years ago
Damn! Hope nothing will be lost for you guys. Good Job for having stopped them already.
Reply
appolon41mc 5 years ago