Yesterday evening on Friday (22nd July), we discovered an illegal and unauthorised intrusion into our network, which was the latest in a series of hacking incidents by individuals who also claim to have targeted Streamyx, CIMB, TV3 and the several other local websites previously. In our case, the hackers managed to retrieve a portion of our blogger account information and released the emails of some Nuffnang accounts.
The breach has since been fixed, and we’d like to address a few key concerns that you may have.
1. Your password is safe.
As part of the existing security measures, all user passwords in our database have always been protected with one-way encryption. Nevertheless, we still encourage you to change your password (especially if you use the same password for other sites) as a precautionary measure in case the hackers are able to get past the encryption.
2. Blog earnings and payment records are not affected.
Current earnings and payment history for all users are safe and were not compromised in any way.
3. Loading of blogs serving Nuffnang ads is not affected.
At 1.00 am last night, our Tech team took down the website for maintenance and for a few hours, ads were not served. This morning though, everything is up and running again and back to normal. All blogs serving Nuffnang ads loaded as usual and were not affected by the breach.
This security lapse is an isolated incident, as the security of our sites has always been and always will be our utmost priority. It has however opened our eyes on some vulnerabilities we had on our website. In response to that, we will be taking measures to further heighten the security of the Nuffnang framework because from what we understand, that was after all the motivation of the hackers – not to cause any permanent damage, but to highlight vulnerabilities in a system.
To the Nuffnangers who made many attempts to alert us once word got out that the Nuffnang site was hacked, we cannot begin to thank you enough.
To the wonderful Nuffnang community, thank you for standing by us in this time of crisis. Your patience and support is something we are thankful for and will never take for granted. We apologize for any inconvenience caused, and for not being able to prevent this breach. We have put dedicated staff to work on this matter, therefore to address any concerns or questions you may have about this incident, please write in to us at firstname.lastname@example.org.
The Nuffnang Team