Galaxycamerata

Winter Cam-dle

@Galaxycamerata

Artistic, Game-Addled Robot

  • She/Her

Weird Ladybug | 30

My name is Cam and I'm here to vibe

log inask
bearblog
someweirdladybug.bearblog.dev/
Bluesky
bsky.app/profile/galaxycamerata.bsky.social
Tumblr
someweirdladybug.tumblr.com/
Galaxycamerata
@Galaxycamerata
Kayin
@Kayin
PhormTheGenie
@PhormTheGenie

PSA

Updates below as they become available - See Final Update: FA appears to be back, and appropriate control has been restored.

Just in case anyone hasn't seen the news floating around:

DO NOT ATTEMPT TO ACCESS FURAFFINITY AT THE MOMENT

Sometimes last night FA's domain registrar account was hijacked. Traffic is now redirected to a malicious landing page that is disguised as a legitimate storefront. And that's just at the moment. Apparently it keeps bouncing around between different landing pages.

Don't log in, don't enter credentials, don't even type in the URL. Stay far away until this mess gets sorted out, because I would wager somewhere in this mess, malware is getting doled out via drive-by. Even if the site looks "fine" for the moment, until FA staff have control of the registrar account, there is risk.

Stay safe, folks.

(Sorry to non-furry folks for clogging your feeds, but this is kinda important and CoHost is remarkably furry. The nature of the problem means that communication needs to happen outside the afflicted platform, too. I know a lot of people are still unaware of what's going on!)

UPDATE (09:00 21AUG2024): It appears that FA administration has control over the registrar account again. FA itself is intentionally down so that they can review what happened more fully before bringing it back up. While the immediate issues appears resolved, there were many knock-on issues that followed, and it's not clear the full extent of the compromise was - or might still be.

During the debacle, it looked like the attacker managed to use the hijacked registrar account to redirect incoming emails sent to FA - This likely allowed them to hijack accounts on Twitter, Bluesky, and Discord using password recovery options. It's unknown if this could also allow access to other accounts, including FA itself. With this in mind, it's a good idea to wait until the dust settles until further action is taken, but I'd say resetting your FA password when the coast is clear is a good idea - and retire that password entirely.

Update (22AUG2024): FA staff appear to be back in control of their Twitter account.

Further update (22AUG2024): FA staff are back in control of their registrar account, and traffic is being directed normally once again. All stolen external social accounts appear to be back where they belong. FA is once again open, though all sessions were voided to prevent session hijacking. The incident appears to have concluded, and it should once again be safe to visit FA.

CircleBoo
@CircleBoo
This page's posts are visible only to users who are logged in.
log in
Lollie
@Lollie
Sorry! This post has been deleted by its original author.
You must log in to comment.

in reply to @PhormTheGenie's post:

MewMus
@MewMus

Far more likely the "hacker" took advantage of Neers death to pose as a family member to access the FA domain at which point they'd have email handles that they could use to reset passwords on socials like twitter...

login to reply
takelgryph
@takelgryph

It's certainly not the first time someone's managed to wreak havoc by taking control of someone's email address. Hell, it happened to former Xbox Live policy and enforcement director Stephen "Stepto" Toulouse way back in 2011.

login to reply
Damaged
@Damaged

Last news on their Discord (from Luffy):

The reason Fur Affinity went offline around at 12:48am is due to someone hijacking our account with @netsolcares. Even though we worked quickly to correct the situation, their customer support has stated they cannot lock or freeze the account and we have to wait 24-48 hours for proper assistance. We have contacted them multiple times expressing urgency in this matter, and they've responded saying there is nothing they can do even though we have proven without a doubt that we are the proper owner and the account has been hijacked. This is a serious security issue and oversight on their side. Refusal to take this issue seriously has caused undue stress and misinformation to spread. We need action now to get the domain back into our control. This is unacceptable that customer support at @netsolcares can identify a hijack but not stop or freeze the account immediately.

We invalidated all login sessions for security reasons. Do not log back into Fur Affinity until we greenlight it. Nothing is currently affected. This is a preventative measure.

Logins are disabled.

The Fur Affinity Twitter has been compromised. We're doing everything we can to regain access, but please do not trust anything posted on there until we let you know here that we have control of it again.
Please tell those you know that they must rely on our Discord for information for now.
Please report tweets made by our account.

It looks like Cloudflare has locked up the hackers' CF account and has parked an anti-phishing page on it. The twitter hacker immediately went mask-off with anti-furry hate, changed the name of the account, changed the handle—and a nice furry immediately made a new account at FA's old handle so that no one could take it over.

login to reply
PhormTheGenie
@PhormTheGenie

No worries! I'm very glad it reached you.

I'd keep an ear to the ground, as this is still developing. Some folks have added on to my post with shares, so just in case you haven't seen those: FA's bridsite account, and potentially their Discord, are compromised as well. Probably a good time to just wait until this all gets sorted in a day or three.

login to reply

in reply to @CircleBoo's post:

in reply to @Lollie's post:

finalgamerjames
@finalgamerjames

Dragoneer's twitter and telegram also got hijacked so I'm wondering if someone managed to steal his phone number after he died and kept pulling threads of security via it. It feels too coincidental this happened around the time of them settling his affairs, someone either impersonating an associate of his or finding a weak spot.

I hope that's not the case but considering it's wikifarms, I wouldn't put it past them to use such ghoulish tactics.

login to reply
PhormTheGenie
@PhormTheGenie

Chances are that Neer might've been using a FurAffinity email account to register his accounts on various social sites like Twitter and Telegram. Because the attacker hijacked the registrar account and redirected all traffic, that means they could've basically had any and all email that was sent to a FurAffinity email account instead go to their own email server. Effectively hijacking all incoming mail without ever needing to compromise the email account itself. Then, just put in password reset requests on each of the social sites.

Once the password reset emails were in their hands, it's basically game over. Particularly since Dragoneer's passing makes recovering the account extremely difficult.

It's disgusting and positively vile, in any case.

login to reply
Dragaroths-hideaway
@Dragaroths-hideaway

Given that Kiwifarms seems to be tearing this guy a new one, and Null (the owner) immediately put up a banner saying they aren't related to this guy at all, in more colorful language, I think its either a smear, or he was hoping to get 'cred' with them.

so now two huge groups of people hate him, on opposite ends of the spectrum, whoever did the hack is gunna be obliterated, lmao.

login to reply
Pinned Tags