Ki's Scrumbler Sanctuary

Sometimes last night FA's domain registrar account was hijacked. Traffic is now redirected to a malicious landing page that is disguised as a legitimate storefront. And that's just at the moment. Apparently it keeps bouncing around between different landing pages.

Don't log in, don't enter credentials, don't even type in the URL. Stay far away until this mess gets sorted out, because I would wager somewhere in this mess, malware is getting doled out via drive-by. Even if the site looks "fine" for the moment, until FA staff have control of the registrar account, there is risk.

Stay safe, folks.

(Sorry to non-furry folks for clogging your feeds, but this is kinda important and CoHost is remarkably furry. The nature of the problem means that communication needs to happen outside the afflicted platform, too. I know a lot of people are still unaware of what's going on!)

UPDATE (09:00 21AUG2024): It appears that FA administration has control over the registrar account again. FA itself is intentionally down so that they can review what happened more fully before bringing it back up. While the immediate issues appears resolved, there were many knock-on issues that followed, and it's not clear the full extent of the compromise was - or might still be.

During the debacle, it looked like the attacker managed to use the hijacked registrar account to redirect incoming emails sent to FA - This likely allowed them to hijack accounts on Twitter, Bluesky, and Discord using password recovery options. It's unknown if this could also allow access to other accounts, including FA itself. With this in mind, it's a good idea to wait until the dust settles until further action is taken, but I'd say resetting your FA password when the coast is clear is a good idea - and retire that password entirely.

Update (22AUG2024): FA staff appear to be back in control of their Twitter account.

Further update (22AUG2024): FA staff are back in control of their registrar account, and traffic is being directed normally once again. All stolen external social accounts appear to be back where they belong. FA is once again open, though all sessions were voided to prevent session hijacking. The incident appears to have concluded, and it should once again be safe to visit FA.

#furry #Furaffinity

Irenes (many)@ireneista8/21/2024, 12:38 AM

this advice appears to be correct

also the FA Twitter account doesn't appear to be under their control, either

You must log in to comment.

in reply to @PhormTheGenie's post:

Plum @plumpan8/21/2024, 12:32 AM

Their twitter got compromised just now too! Not a good day down at FA HQ.

Phorm The Vixdjinn @PhormTheGenie8/21/2024, 12:39 AM

Jeebus

Absolutely feels like there's some malware loose on at least one admin machine.

Plum @plumpan8/21/2024, 12:41 AM

Who knows

Hope they get it sorted out.

Phorm The Vixdjinn @PhormTheGenie8/21/2024, 12:55 AM

Same, honestly. What a tremendous headache.

ira 🌷🐰@irina8/21/2024, 1:05 AM

did they use the same password for multiple accounts

Rose @MewMus8/21/2024, 1:18 AM

Far more likely the "hacker" took advantage of Neers death to pose as a family member to access the FA domain at which point they'd have email handles that they could use to reset passwords on socials like twitter...

Takel @takelgryph8/21/2024, 9:13 AM

It's certainly not the first time someone's managed to wreak havoc by taking control of someone's email address. Hell, it happened to former Xbox Live policy and enforcement director Stephen "Stepto" Toulouse way back in 2011.

DamagedFics @Damaged8/21/2024, 1:51 AM

Last news on their Discord (from Luffy):

The reason Fur Affinity went offline around at 12:48am is due to someone hijacking our account with @netsolcares. Even though we worked quickly to correct the situation, their customer support has stated they cannot lock or freeze the account and we have to wait 24-48 hours for proper assistance. We have contacted them multiple times expressing urgency in this matter, and they've responded saying there is nothing they can do even though we have proven without a doubt that we are the proper owner and the account has been hijacked. This is a serious security issue and oversight on their side. Refusal to take this issue seriously has caused undue stress and misinformation to spread. We need action now to get the domain back into our control. This is unacceptable that customer support at @netsolcares can identify a hijack but not stop or freeze the account immediately.

We invalidated all login sessions for security reasons. Do not log back into Fur Affinity until we greenlight it. Nothing is currently affected. This is a preventative measure.

Logins are disabled.

The Fur Affinity Twitter has been compromised. We're doing everything we can to regain access, but please do not trust anything posted on there until we let you know here that we have control of it again.
Please tell those you know that they must rely on our Discord for information for now.
Please report tweets made by our account.

It looks like Cloudflare has locked up the hackers' CF account and has parked an anti-phishing page on it. The twitter hacker immediately went mask-off with anti-furry hate, changed the name of the account, changed the handle—and a nice furry immediately made a new account at FA's old handle so that no one could take it over.

@jriftee8/21/2024, 2:58 AM

this just happened to me. Accidentally went to an old FA tab, got a cloudflare page marking the link as phishing.

Vertxsees @Vertxsees8/21/2024, 1:07 PM

hey thanks for the heads up, I hadn't heard anything about this until this post.

Phorm The Vixdjinn @PhormTheGenie8/21/2024, 2:05 PM

No worries! I'm very glad it reached you.

I'd keep an ear to the ground, as this is still developing. Some folks have added on to my post with shares, so just in case you haven't seen those: FA's bridsite account, and potentially their Discord, are compromised as well. Probably a good time to just wait until this all gets sorted in a day or three.

Pinned Tags