In what is a very strange choice by mybb.com administators and devs, they have announced to all blog and forum users that they do not need to reset their passwords as no files or database's was breached. When @UG hacked the site and made the statement on twitter, @Cosmo had stated their may be a dataleak coming, but this never happened. Anyways mybb.com has released the following message.
Following on from our We’ll be back soon post yesterday, I just wanted to provide an update on our recovery efforts as well as address a few of the commonly asked questions. After a comprehensive investigation, including audits of all files on our existing servers as well as an analysis of server and website access logs, we’re happy to confidently say that we do not believe any of our servers were compromised, or our databases accessed. As you’ve likely noticed, access to the MyBB Community Forums has now been restored. Because we don’t believe the MyBB database was compromised, we have opted to not require users to change their passwords on next login. If you’re having difficulty accessing the forums (for example, if it’s redirecting to www.mybb.com, or stylesheets aren’t loading correctly), then please clear your web browser cache and try again. We’re working on restoring access to the MyBB Mods website as soon as we can, however expect the modifications site take another 24 hours before it can be pushed live. Our team are also busy working on relaunching the official MyBB documentation, using GitHub Pages. We’re moving away from MediaWiki and wiki-based documentation primarily because we believe our efforts are best focused on maintaining our core website, forums and modifications site rather than managing a slew of third-party applications (this is the same reason why our blog is now powered by WordPress.com). Because GitHub Pages is directly backed to a Git repository, the entire community can still collaborate to our documentation using pull requests. At this stage, we plan to discontinue the MyBB Ideas site. We believe that through great collaboration on the MyBB Community Forums in our MyBB 1.8 Feature Suggestions and MyBB 2.0 Feature Suggestions forums, together we can build even greater software. It also means there’s one less place to collect feedback from. We’re taking an overly cautious process with the restoration. If we chose to, we could simply flick all services on again, and have the wiki, modifications site, etc live. Instead, even though we’re confident there was no breach of our servers, we’re still handling the situation if there were. Before anything is relaunched, we’re: - Verifying access logs of the site to look for suspicious behavior
- Verifying the content of the sites by comparing them against previously taken backups (both onsite and offsite, and against backups taken recently and those taken weeks ago) and analysing each and every difference by hand
- Pushing the content of all websites to our new servers from an offline copy, instead of our old servers
- Verifying that all of our websites work behind CloudFlare, and implementing caching strategies in CloudFlare to give you even faster page loads
There’s also been a lot of discussion around what legal action we will be taking against those that have attacked us. At this stage, we believe our time and effort is better spent improving and educating users about security, and moving forward with the development of MyBB 1.8, MyBB 2.0, and our rebranding. Again, we want to thank everyone for their support and patience and look forward to moving onwards and upwards! Regards, Chris, Tim, and the rest of the MyBB Team