Technic News

Forums database breach

If you have an account on our forums or wiki, and are using your password somewhere else, change it immediately. You should still be fine, but this is a necessary precaution.
 
Our forums and wiki got compromised by an unknown third-party. On Friday a user warned us that our wiki was redirecting to some Chinese website. As a precaution, we took down that machine (forums + wiki) while we investigated the issue. Now, we are aware that a malicious unknown third-party injected a PHP shell in our server, most likely through a Mediawiki vulnerability. Upon further inspection, we discovered that the forum database had been leaked. For now, our forums and wiki remain offline, while we assess the situation and decide what to do next.
 
We apologize for this situation, and moving forward we will harden our security surrounding external systems, such as the forums and wiki.
 
Solder.io and Technic Platform (that includes the launcher) are not affected. Only the forums are affected.
Your Minecraft account is completely unrelated, so it's safe as well.

Comments

The chinese shall be banned from Technic, The chinese are hackers, They are blocked from this website prob by now but still they might not be.
Edwardplayz Edwardplayz ·
goodi
lukgamesmitoo lukgamesmitoo ·
ok
minkg0147 minkg0147 ·
how could I submit my article here?
greenetelsea greenetelsea ·
I just lost a ~10 year account because of this breach. I really wish you guys emailed us because I would have updated my information right away if I knew the breach occurred. Because my information was the same as my Minecraft, they were able to take my account which has the transaction email on an email that was discontinued. Please send emails next time. I get that you guys caught it quickly but I never knew that it happened until 6 months later.
slapbox slapbox ·
Replies
they did email you. look 4 comments above yours
macks2008 macks2008 ·
i have a FML problem pls can fix it or ? thx
Black_Killer_PRO Black_Killer_PRO ·
The forums are now back again. All passwords have been invalidated, and an email explaining this has been sent out. You will need to reset your password before attempting to login on the forums.
Pyker Pyker · Technic Staff ·
I'm guessing this has something to do with the continual downtime of the forums. But darn, can't believe it was leaked in such a way. Well, hope forums do come back and are working again.
NovaLynxie NovaLynxie ·
plz
Robotkid067 Robotkid067 ·
Replies
I recommend The Laboratory Revisited HQM
Robombie Robombie ·
i need a good modpack
Robotkid067 Robotkid067 ·
I was wondering what happened to the forums! I admit, I was pretty mad that I couldn't access the site (because I was unaware of what was going on) - good on you guys for taking the right course of action! Hope it's not too much of a mess!
poot_n_scoot poot_n_scoot ·
gg
Tdogo Tdogo ·
wut is the best modpack vote
Robotkid067 Robotkid067 ·
Replies
Best modpack: Life in the village: RMC edition
Edwardplayz Edwardplayz ·
wow I had to make a new account because it said my email wasn't registered what's ironic is I didn't see this till today and haven't played Minecraft whatsoever until yesterday.
Tyronez Tyronez ·
literally the reason to block china from accessing your servers. How many good things come out of the network in china? that firewall is there to protect us not them.
Xyberviri Xyberviri ·
Good job on reporting it right away! I received a message from haveIbeenpwned right away. I had an account at one time, but when I went to sign in, it said it couldn't find my account. I went ahead and created a new one and enable 2FA to keep it secure. I hope this won't conflict with any account for the forums once they're back up?
adamvan2000 adamvan2000 ·
press f to pay respects
KyroKrypt KyroKrypt ·
Replies
f
MassiveAlexander12 MassiveAlexander12 ·
f
Edwardplayz Edwardplayz ·
rip
KyroKrypt KyroKrypt ·
OMG
emanuelvsm2009 emanuelvsm2009 ·
The passwords are encrypted with bcrypt with a cost of 13 (possibly a different salt for every password but i'm not certain about that) https://twitter.com/PedroACunha/status/1069740224497020929 https://security.stackexchange.com/a/170147 https://en.wikipedia.org/wiki/Bcrypt
oscrx95 oscrx95 ·
They had better salt and hash the passwords. Nonetheless, you don't want to take chances, especially if you reuse passwords or don't use a secure password.
snarfblam snarfblam ·
What do you mean? Don't you hash your passwords?
Anisic Anisic ·
Replies
They most likely do, but the hackers can intercept logins and passwords from machines they hacked.
Flipper31 Flipper31 ·
Yeah, they hash all passwords, but do you want to take the risk?
Flipper31 Flipper31 ·
Of course they do, but even the hash of a password, if given the right information that could be obtained from other sources, could be used to produce the correct password. Although that's a "pretty big 'if'", it's still better to be safe than sorry
macks2008 macks2008 ·
Damn! Hope nothing will be lost for you guys. Good Job for having stopped them already.
appolon41mc appolon41mc ·