Hi everyone,
This morning we were notified that the website https://haveibeenpwned.com/ has sent out emails to persons subscribed to their mailing list, alerting them of potential security breaches. This included a notification about a security breach on MCBans.com that took place in October of 2016.
We made an announcement at the time of the breach (https://forums.mcbans.com/threads/security-measures-and-api-reset.44/), and also sent out a notification email, but because many users have expressed concern for their accounts today, we would like to make the announcement anew and reiterate our advice for those concerned.
We were not the only minecraft-related site affected, so any advice you take regarding MCBans should be applied to other sites as well, including Bukkit.org.
The data compromised included usernames, email addresses, IP addresses, website activity, and possibly passwords. Our passwords are heavily hashed with multiple layers of SHA-512, among other methods, so even if the data was stolen, your passwords should still be safe, as there is no known method of decryption for our safety measures at this point in time.
Regardless, it is good practice to change your passwords to be on the safe side. It is also good practice to avoid using the same password for multiple sites, and to change your passwords frequently. No site is ever truly safe against security attacks, so it is worth the trouble to take the extra steps to protect yourself.
If you have any further questions, feel free to join our Discord at https://discord.gg/zaWpUKs for a quick response or put in a support ticket on the forums by registering and clicking the following link: https://forums.mcbans.com/support-tickets/open
Thanks, and happy mining,
-KrisKleer
This morning we were notified that the website https://haveibeenpwned.com/ has sent out emails to persons subscribed to their mailing list, alerting them of potential security breaches. This included a notification about a security breach on MCBans.com that took place in October of 2016.
We made an announcement at the time of the breach (https://forums.mcbans.com/threads/security-measures-and-api-reset.44/), and also sent out a notification email, but because many users have expressed concern for their accounts today, we would like to make the announcement anew and reiterate our advice for those concerned.
We were not the only minecraft-related site affected, so any advice you take regarding MCBans should be applied to other sites as well, including Bukkit.org.
The data compromised included usernames, email addresses, IP addresses, website activity, and possibly passwords. Our passwords are heavily hashed with multiple layers of SHA-512, among other methods, so even if the data was stolen, your passwords should still be safe, as there is no known method of decryption for our safety measures at this point in time.
Regardless, it is good practice to change your passwords to be on the safe side. It is also good practice to avoid using the same password for multiple sites, and to change your passwords frequently. No site is ever truly safe against security attacks, so it is worth the trouble to take the extra steps to protect yourself.
If you have any further questions, feel free to join our Discord at https://discord.gg/zaWpUKs for a quick response or put in a support ticket on the forums by registering and clicking the following link: https://forums.mcbans.com/support-tickets/open
Thanks, and happy mining,
-KrisKleer