Hello!

As you may have noticed, yesterday morning our forums were compromised. Someone logged into the Xenforo admin panel via an administrator’s account and was able to make changes to the forums. Here’s what they were able to do:

• Export a list of usernames and e-mails. As they had no access to the database, we’ve got no reason to believe any password information was stolen. Still, it’s always a really good idea to change your passwords if you use the same one in multiple places. Also, as a general pro-tip, you shouldn’t use the same one in multiple places (I recommend a password manager like Keepass or Lastpass).
• Deleted two large sections of the forum. The ‘Social’ section which contained all of the forum’s non-Chucklefish-related posts, and the section for admin/moderator discussion. Fortunately, we were able to take the forums offline before they could delete everything, which is what it seems like they’d intended to do.

Here’s the really really bad news: unbeknownst to us, it turns out our last backup was in March. So while the ‘Starbound’ and ‘Other Chucklefish Games’ sections remain in tact and mod uploads are fine, we aren’t going to be able to restore the rest of the forums (forum rules/announcements, general chat, non-fan artwork, roleplaying, clans, corps, etc) to where they were yesterday.

I know that a lot of you will be very upset with us over this, and all I can say is that we’re really sorry. The off topic sections have held some of the most active and creative threads on the forums, and losing that many discussions is extremely upsetting to us, too.

Not being more proactive in ensuring we had recent backups is a big misstep on our part. Completing Starbound has been an all-hands-on-deck sort of deal, so it’s been difficult to spare programmers for several days so they can ensure that all’s well with the forums and website. I know that’s not a very satisfying excuse, but it’s the truth, so there you go.

All of that said, here’s my current plan:

1. We’re keeping the forums offline while we fix things. This process may take awhile.
2. Rolling the entire forum back to March doesn’t make any sense – there’s an awful lot of discussion that’s happened since then that hasn’t been effected, as well as changes to the layout of the forums. It also doesn’t make sense to restore posts from March and put them right back where they were before, because… everyone would be responding to posts from March. I’d like to restore the posts from March and put them in an archive forum that people can refer back to.
3. We’re going to rebuild the sections of the forums that were lost and use this as an opportunity to improve them.
4. We’re updating Xenforo and taking steps to ensure that the forums are not vulnerable to future attacks.

This whole situation sucks. I’m sorry that a lot of your posts are gone, and I promise we’ll do better in the future.

In the meantime, if you’re experiencing problems with the new Starbound update please email us here or talk to me in IRC.