Greetings MunchyMC Community,
We were alerted that a staff member’s account was compromised on July 21st around 5PM CST. After being alerted, we quickly tracked down the compromised account and had the account locked and secured within minutes.
As some of you might already be aware, our staff team uses an internal panel called Manage to handle support tickets, ban appeals, and other general profile information. We also have an internal panel for Ares that our staff members use. The unauthorized user was able to look around these sites and perform certain actions with this compromised account. Good news here is that everything on those sites is logged, so we’re able to fully assess the breach.
Most notably:
-
There’s a page on the Ares panel to view recent IP Bans, the compromised account was on that page for 40 seconds before moving onto a different one;
-
A list of all active forum users (along with their email address) at the time of the breach, You will be receiving a private message shortly if you were affected;
-
Staff emails.
We take situations like these very seriously here. We have already identified the unauthorized user and will be contacting their local authorities to see what legal action can be taken.
As a note we do not log, store, or keep customer payment information anywhere on our servers or infrastructure that we manage. So there was never a risk of any information of that nature being compromised or viewed in any way.
We apologize profusely for any inconvenience this may cause, and we will be taking further defensive measures to make sure this doesn’t happen again.
Thank you,
Antfrost