Another Day, Another Hack: Furry Site Hacked, Content Deleted
May 24, 2016
Shah Sheikh (1294 articles)

Another Day, Another Hack: Furry Site Hacked, Content Deleted

Quite literally, every day someone gets hacked. Whether that’s a telecommunications company having its customer data stolen, or another chain of businesses being ripped for all the credit cards it processes, today one hack just seems to melt into another.

In our series Another Day, Another Hack, we do short posts giving you what you need to know about the hack, so you can figure out whether your bank account, website logins or anything else might be at risk. Because, even if the hack might not be the most sophisticated, real people are still getting fucked over somewhere, and should know about it.

Last week, a community of furries—people with an interest in anthropomorphic animal characters such as wolves and foxes—witnessed a popular online hub disappearing. Content including art submissions and user profiles on enthusiast site “Fur Affinity” was wiped, and hackers may have run off with email addresses and hashed passwords.

“We have just learned the attackers have access to personal user data, such as encrypted passwords and email addresses,” the site’s self-described Director of Operations, known as “Chase,” wrote last Friday on the Fur Affinity forums. Around Monday morning, a user called Fender announced that site passwords had been reset.

The Fur Affinity Twitter account has some 41,000 followers, and describes the site as “The world’s largest community of furries, anthros, dragons and more!” Fur Affinity, essentially an online gallery, allows users to upload music, writing, and art.

According to Fender, the problems started at the beginning of May, when researchers disclosed a vulnerability in the ImageMagick library that allows attackers to execute arbitrary code on websites. In this case, hackers downloaded Fur Affinity’s source code before the administrators had patched the site.

Over a week later, Fur Affinity heard that people at an unnamed convention were handing out USB sticks containing that source code. The same day, the site was attacked again, and this time hackers deleted content. They were stopped before things such as journals and notes could be wiped, an administrator who calls themselves Dragoneer wrote last week on the Fur Affinity forums.

“While we were investigating [the USB sticks], somebody launched a second attack against the site using information gleaned from the source code,” Dragoneer said.

Fender wrote that, “At this time we do not know who executed the attacks on this site. An analysis of the attack vector used suggests these individual(s) were experienced attackers and not casual bystanders.” (However, the researchers who discovered the ImageMagick vulnerability said that the “exploit is trivial.”)

Fur Affinity has been restored from a May 11 backup, so the damage isn’t too bad, and site passwords are supposedly hashed and salted. This means they might not be immediately cracked, though that is still possible.

The lesson: Even if a site, organisation or company says that no passwords have been stolen in an attack, you should reset yours anyway, especially if you used the same password on multiple services.

Source | MotherBoard