2015-01-27, 08:25 PM
Hello,
Around 5 hours ago we were made aware that somebody had gained unauthorised access to our @MyBB Twitter account. The account password and email address had been changed so we were unable to re-gain access.
We then had reason to believe that somebody had also gained unauthorised access to a staff member's community forum account, which gave them access to a thread containing the password for the Twitter account. You may notice that effone is currently banned and .m. was banned for a short time earlier; this was a short term reaction to the issue to prevent any further unauthorised access and not a direct action against these two team members (.m. was banned as a precaution while we ascertained which account had been compromised). Please be assured that neither team member did anything wrong.
At the moment we are working to ensure effone's account is fully secured before re-enabling it. We are also in the process of trying to recover our Twitter account.
We have no reason to believe that this was caused by a vulnerability in MyBB, or that any data on MyBB.com has been compromised; it appears no actions were performed with the account while it was being accessed. A possible explanation is that account details were exposed via a compromise on MySkins, however this is unconfirmed and just a theory at this stage.
When we know more information, a further update shall be posted. Please bear with us while we sort things out. We also apologise for any content posted on the @MyBB Twitter account while we work on regaining access.
Thanks,
Matt
Around 5 hours ago we were made aware that somebody had gained unauthorised access to our @MyBB Twitter account. The account password and email address had been changed so we were unable to re-gain access.
We then had reason to believe that somebody had also gained unauthorised access to a staff member's community forum account, which gave them access to a thread containing the password for the Twitter account. You may notice that effone is currently banned and .m. was banned for a short time earlier; this was a short term reaction to the issue to prevent any further unauthorised access and not a direct action against these two team members (.m. was banned as a precaution while we ascertained which account had been compromised). Please be assured that neither team member did anything wrong.
At the moment we are working to ensure effone's account is fully secured before re-enabling it. We are also in the process of trying to recover our Twitter account.
We have no reason to believe that this was caused by a vulnerability in MyBB, or that any data on MyBB.com has been compromised; it appears no actions were performed with the account while it was being accessed. A possible explanation is that account details were exposed via a compromise on MySkins, however this is unconfirmed and just a theory at this stage.
When we know more information, a further update shall be posted. Please bear with us while we sort things out. We also apologise for any content posted on the @MyBB Twitter account while we work on regaining access.
Thanks,
Matt