Wadah Madrasah Pengalaman: IMPORTANT: A Nuffnang Community Announcement

Monday, July 25, 2011

IMPORTANT: A Nuffnang Community Announcement


Dear Nuffnanger,

Hope this email finds you well! We'd like to ask if you could please spend a few minutes of your time on this very important community announcement.
Yesterday evening on Friday (22nd July), we discovered an illegal and unauthorised intrusion into our network, which was the latest in a series of hacking incidents by a group of individuals who also claim to have targeted Streamyx, CIMB, TV3 and the several other local websites previously. In our case, the hackers claimed to have downloaded a portion of our blogger account information and published the emails of some 30,000 Nuffnang accounts.

The breach has since been fixed, and we’d like to address a few key concerns that you may have.

1. Your password is safe.
As part of the existing security measures, all user passwords in our database have always been protected with one-way encryption. Nevertheless, we still encourage you to change your password (especially if you use the same password for other sites) as a precautionary measure in case the hackers are able to get past the encryption.

2. Blog earnings and payment records are not affected.
Current earnings and payment history for all users are safe and were not compromised in any way.

3. Loading of blogs serving Nuffnang ads is not affected.
At 1.00 am last night, our Tech team took down the website for maintenance and for a few hours, ads were not served. This morning though, everything is up and running again and back to normal. All blogs serving Nuffnang ads loaded as usual and were not affected by the breach.
This security lapse is an isolated incident, as the security of our sites has always been and always will be our utmost priority. It has however opened our eyes on some vulnerabilities we had on our website. In response to that, we will be taking measures to further heighten the security of the Nuffnang framework because from what we understand, that was after all the motivation of the hackers – not to cause any permanent damage, but to highlight vulnerabilities in a system.
To the Nuffnangers who made many attempts to alert us once word got out that the Nuffnang site was hacked, we cannot begin to thank you enough.
To the wonderful Nuffnang community, thank you for standing by us in this time of crisis. Your patience and support is something we are thankful for and will never take for granted. We apologize for any inconvenience caused, and for not being able to prevent this breach. We have put dedicated staff to work on this matter, therefore to address any concerns or questions you may have about this incident, please write in to us at security@nuffnang.com.

Thank you.

The Nuffnang Team

No comments: