https://www.reddit.com/r/trackers/comments/660zu7/ab_database_leaked/
有帳號的請注意啦
補充官方聲明:
Official response:
As some of you may have heard, a database and old development version of our
codebase were recently leaked. This is a serious incident and we'd like to
explain the current situation.
An ex-staff member has leaked a developer staging database dating from
2015-11-20. This database was scrubbed of critical security information
including hashes of passwords, emails (including history), IP addresses
(including history), passkeys (including history), donations, yen log, login
sessions, and user PMs; the individual who leaked the database does not have
access to any of these. Information that was leaked includes staff PMs and
staff notes on user profiles. For some users, these notes and PMs may contain
information such as emails and IP addresses and in some rare cases donation
information from before they were separately logged (pre 2009-06-18).
The leaked code comes from a development branch internally called
upload-page. While developed for some time, it was abandoned around April
2016. The leaked code is an incomplete development snapshot, and the primary
code base has changed substantially since. We believe that this development
branch poses no risk for site security. In addition, since January of this
year, we have drastically updated our security measures, migrating our git
server and making it only accessible to developers as opposed to all staff
members(the code was most likely downloaded just before git server was moved).
While most of our users don't need to take any specific action in order to
secure their account, we would like to remind you that you should use unique
passwords, not reveal your personal information anywhere, and if possible
enable 2-factor authentication.
We will be contacting users who had incriminating information leaked shortly
to provide assistance and additional information and provide all users any
updates as needed.