Notification of data breach in 2016

Discussion in 'Site Announcements' started by sothis, Jul 29, 2019.

Thread Status:
Not open for further replies.
  1. sothis

    sothis Forum Moderator Anime-Planet Founder Developer

    Posted by sothis on Jul 29, 2019
    #1
    Back in 2016 we posted about a data breach impacting our forum, for which we had to temporarily close the forums. It has come to our attention that the scope of this attack was larger than previously assumed. We have been notified that the main site was also affected and a data breach consisting of the user accounts from before or during 2016 has been obtained.

    The information includes: username, hashed password, email address, last used IP address, and date of birth.

    We're sorry about this as we take security very seriously. We are currently investigating if we can pinpoint the exact way this breach happened. However, this occurred years ago in 2016 and we have since replaced most of the legacy systems we had in place back then. We'll keep this thread updated if there are any updates.

    As a precaution we will soon force password resets on accounts made up to, and including, the year 2016. It's good practice to change your password from time to time regardless, even if your account is a newer one.
     
    Narulez, Daisuki, Akanii and 43 others like this.
    Last edited by a moderator: Aug 6, 2019
  2. randomredneck

    randomredneck Well-Known Member

    I last changed my password...
    *Checks watch*
    never. Guess now is as good a time as any. Every 8 years, that's my motto.
     
  3. Soron

    Soron New Member

    Posted by Soron on Jul 31, 2019
    #3
    Oh I remember this, good thing that I update my password every now and then. I think my current password - SexyOtaku69 - is quite solid... :banana:
     
  4. Greebo

    Greebo New Member

    Posted by Greebo on Jul 31, 2019
    #4
    I only found out about this when firefox warned me! Don't you think rather than posting this on the forum (which I don't use) it should appear on the
    Site notification? I shouldn't have to learn about this from a third party.
     
    Last edited: Jul 31, 2019
  5. sothis

    sothis Forum Moderator Anime-Planet Founder Developer

    Posted by sothis on Jul 31, 2019
    #5
    As of yesterday we added a site notification for all impacted users (users with accounts from 2016 or earlier). The run missed a small group of impacted users and our dev team will implement those today.
     
  6. Kari5

    Kari5 Database Moderator

    Posted by Kari5 on Jul 31, 2019
    #6
    They also warned everyone when it actually happened in 2016. If you changed your password then, you should be fine.
     
  7. Greebo

    Greebo New Member

    Posted by Greebo on Aug 1, 2019
    #7
    Well my point was for those like me that don't visit the forum, so no, not EVERYONE was warned back in 2016 because otherwise I wouldn't be here making this point!

    Thank you Sothis for putting the warning on the notification.
     
    Fluffs, Nimeziz and LavanderGirl like this.
  8. Nimeziz

    Nimeziz New Member

    Posted by Nimeziz on Aug 1, 2019
    #8
    Thanks for reminding us..
     
  9. OmegaYami

    OmegaYami Active Member

    it's no secret (anymore) that all data people thought "private" are actually public domain. Don't be to harsh with yourself op, it's widely known that 1984 is our reality
     
    pentamerous and KxNOxUTA like this.
  10. Gamera

    Gamera Well-Known Member

    Posted by Gamera on Aug 1, 2019
    #10
    I've had to change my password three times in the last few weeks because I keep forgetting what it is, so I guess I'm good for now anyway.
     
  11. kokodin

    kokodin New Member

    what a fun news upon reaching over 800 watched anime, i kind of expected a badge notification not password change notice :]
    just keep the good work and try not to slip up again, because it would be a shame to say goodbye. Even if i liked old layout much more you still my number one site about anime
     
  12. oceanicbreezes

    oceanicbreezes Well-Known Member

    So will this affect the people with newer accounts in any way? I will change my password just in case. Thanks for letting is know Sothis!
     
    Last edited: Aug 1, 2019
  13. racle

    racle New Member

    Posted by racle on Aug 1, 2019
    #13
  14. Grizz

    Grizz Database Moderator

    Posted by Grizz on Aug 1, 2019
    #14
    It has no relation to anyone with accounts that signed up in 2017 and onwards.
     
    KnownError likes this.
  15. oceanicbreezes

    oceanicbreezes Well-Known Member

    Ah, thank goodness. My top secret info is safe another day.
    :smile:
     
  16. evilneko

    evilneko New Member

    Member since 2011. Changed my username a couple of times and my password a few times too.

    I don't even remember hearing about this in 2016. Maybe I did, or maybe I just ignored it. I don't think I used the forums back then (I don't use them much now either).

    Fortunately, I don't reuse any of the passwords I've used here for anything that's actually sensitive. Sensitive accounts get unique, strong passwords.
     
    2hands likes this.
  17. airbornefilip

    airbornefilip New Member

    IIRC I changed it few times because password reuse is the real enemy anyway and as someone working in the field, I couldn't excuse myself having 3-4 passwords for everything. Thus, I changed it. Thus, I changed it again and again because goddammit I forgot all new passwords and in order to force myself to learn them, I didn't save them in FireFox. TBH, I'm not 100% I know current one anyway. :]

    And boi, 7ish years on a-p already? When did I get this old? Soon, I'll be retired and then die and I'll forget to delete my secret stash. And its backups.
     
  18. TeeDeeDubYa

    TeeDeeDubYa New Member

    thoughts on my username/password from 2016 => "meh"
    thoughts on some hacker using my account to rate Naruto 5 stars => "pure evil"
     
    KxNOxUTA likes this.
  19. KnownError

    KnownError Member

    Thanks for the heads up, and what a great test of the shiny new site announcements system :)
     
  20. KxNOxUTA

    KxNOxUTA New Member

    I don't have enough memory space for dozens of passwords and username variations :hamster: to be honest. And card pins and security of security of security. Let's all just remove all security and open everything for everyone :frustrat: Nothing to steal with all cards on the table.

    Seriously, all those people plotting anything against other people have somehow steered past the beauty of a simple, open, considerate life. :duck:



    Thank you for mentioning it. Can't say I'm happy with forced PW change but I understand where you're coming from. I'll leave it to my password manager and simply not log in from anywhere but by laptop :lenny:
     
Thread Status:
Not open for further replies.

Share This Page