FYI: Bukkit Forums account compromise

Making a post here because I know some folks here only rarely check their old Bukkit accounts and might have been affected.

Full details are expected to be posted by Curse shortly [Update: Post is here], but here’s the info we know now:

  • In late August or early September, the Bukkit forums were compromised and code was added.
  • This code was designed to collect usernames/passwords of Bukkit users.
    • Anyone who entered their account details since late August potentially had their password collected.
  • On November 11, a user discovered the Bukkit forums were compromised (details here) and informed Curse.
  • Curse removed some of the problem within three days, but did not inform potentially compromised users.
  • Today, the same user who discovered the issue before made that post and shared it.
  • An additional piece of code was discovered today and removed (IRC log of the conversation).

In summary, anyone who logged in to the Bukkit forums between August 2015 and today (Dec 7, 2015) should consider their password compromised.

[Update: Post is here] Curse will be making the announcement today or tomorrow, by Kaelten’s statement in the above IRC logs.


Adding a new post because of an important update: