Making a post here because I know some folks here only rarely check their old Bukkit accounts and might have been affected.
Full details are expected to be posted by Curse shortly [Update: Post is here], but here’s the info we know now:
- In late August or early September, the Bukkit forums were compromised and code was added.
- This code was designed to collect usernames/passwords of Bukkit users.
- Anyone who entered their account details since late August potentially had their password collected.
- On November 11, a user discovered the Bukkit forums were compromised (details here) and informed Curse.
- Curse removed some of the problem within three days, but did not inform potentially compromised users.
- Today, the same user who discovered the issue before made that post and shared it.
- An additional piece of code was discovered today and removed (IRC log of the conversation)
,
In summary, anyone that logged in to the Bukkit forums between August 2015 and today (Dec 7, 2015) should consider their password compromised.
[Update: Post is here] Curse will be making the announcement today or tomorrow, by Kaelten’s statement in the above IRC logs.