Skip to main content
User login
OpenID
What is OpenID?
Username or e-mail
*
Password
*
Log in using OpenID
Cancel OpenID login
Create new account
Request new password
Register
Home
Browse
2D Art
3D Art
Concept Art
Textures
Music
Sound Effects
Documents
Featured Tutorials
Submit Art
Collect
My Collections
Art Collections
Forums
FAQ
Leaderboards
All Time
Total Points
Comments
Favorites (All)
Favorites (2D)
Favorites (3D)
Favorites (Concept Art)
Favorites (Music)
Favorites (Sound)
Favorites (Textures)
Weekly
Total Points
Comments
Favorites (All)
Favorites (2D)
Favorites (3D)
Favorites (Concept Art)
Favorites (Music)
Favorites (Sound)
Favorites (Textures)
❤ Donate
Search Terms
General Discussion
OpenGameArt.org has been hacked/comprimised
Akuma no Tsubasa
Wednesday, November 18, 2015 - 06:54
Hello,
I got this mail today:
I would like to know if more than my mailadress has been stolen.
I would like to know if more than my mailadress has been stolen.
There's a blog post about this on the front page.
I don't know for certain what all information they got, but it seems likely that if they were able to get a list of email addresses that they may have also been able to get at hashed passwords. I'm in the middle of running a scan on the server (it went all night and it's about half done), and it hasn't turned up anything yet.
Edit: Just to be clear, we don't store any Paypal or other payment account information here on OGA. Even though the email mentiones "Peypal", it doesn't mean they got any credit card or bank information. That being said, if your paypal or bank account uses the same email and password that you use on OGA, I strongly recommend that you change them immediately.
Hi,
no, I use a unique password for each site, which already makes my head dizzy. But why didn't we get an email about that, if there is something known about it?
And yeah, the grammar, which is even worse than mine, showed me perfectly that this was just a scam. Especially that URL they wanted to forward me was way out of any possible legal connection to OGA
no, I use a unique password for each site, which already makes my head dizzy. But why didn't we get an email about that, if there is something known about
I figured the announcement on the front page would suffice, although that was probably a bad call on my part. I'll see what I can do about sending out a mass mail.
Anyway, if you're using a unique password on OGA, then the only information they could have gotten is anything you've entered on the site. Since we don't even ask for your real name, I'm guessing that the only thing of interest to hackers would be your email (which is known to be compromised, since they emailed everyone) and your password (which is hashed and in your case unique to OGA).
Everything of value here is public (it's an OSS site). What did they think they would steal? It's all given out for free and libre.
Maybe make archives of all the data so if they do worse attacks it won't all be lost.
Also for yourself make full backups of the site every so often that can just be dropped back in and burn them to DVD. (This sort of thing along with uploading everything to the net has helped in the past avoid data loss from "wonderful" intel SSDs (I don't use SSDs ever anymore, once bitten))
Bart: I was wondering if it would be possible if you could increase the single file size limit? I have audacity project (the source files to music I record) and some are 300, or 400 (450) MB.
People DL them when they are available and it allows you to use parts of a song if you don't like the whole thing, like the bass track etc.
There are a good number of songs that I could't upload the audacity zip to.