Alphabay statement on PMs bug (fixed now)
a guest Jan 23rd, 2017 2,410 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
- -----BEGIN PGP SIGNED MESSAGE-----
- Hash: SHA512
- We have been made aware of the bug that allowed an outsider to view marketplace
- private messages and we believe that the community has the right to be made
- aware of what information was obtained and what was done to mitigate the issue.
- !----- What did the attacker obtain? -----
- 1) Marketplace PMs not older than 30 days, up to ID 2609452. IDs are not always
- sequential, as 218,000 messages were obtained.
- *** Conversations who did not receive a message in the last 30 days were not
- affected, as they were automatically purged *****
- 2) List of user IDs + username (nothing more).
- !----- What steps have been done? -----
- The attacker was paid for his findings, and agreed to tell us the methods used
- to extract such information. Our developers immediately closed the loophole in
- order to protect the security of our users.
- !----- Anything else? -----
- No other information was obtained. All your forum PMs, order information, BTC
- addresses, etc. are safe. Only recent (less than 30 days) PMs were obtained.
- !----- What to do now? ------
- No action is required from anyone, but we remind everyone to ALWAYS ENCRYPT
- SENSITIVE INFORMATION such as addresses, BTC addresses, tracking numbers,
- Thanks to everyone for being a loyal customer, and to apologize to the community,
- we will be offering 20% discount on Escrow fees for the next week on all marketplace
- -----BEGIN PGP SIGNATURE-----
- Version: GnuPG v1
- -----END PGP SIGNATURE-----
RAW Paste Data