At approximately 13:30 Moscow time, the site bugged out: when loading any page, people began to “log in” to other people’s accounts with full access to everything (upd. they also write about sending comments, apparently just on any request).
30 minutes after the start of the incident, everyone was forcibly logged out and the login action was disabled.
2 hours after the incident began, they fixed it and deleted all posts for the last 2 hours.
Personal correspondence, drafts, everything has potentially been leaked.
There are posts about fraudulent withdrawal of donations from their accounts during the bug period.
(upd. there was one example of such a withdrawal, which turned out to be a joke; I didn’t notice the tag on that post. Potentially, because of this committee error, the opportunity to withdraw other people’s money into your pocket existed; whether someone took advantage of it or not is not so important. In any case, it is the committee’s responsibility to provide evidence of whether it was technically possible or not, not mine.)
upd. Relevant for users who have used the DTF API. Tentacle Tenticals noticed that during the buggy period, your API token could also be stolen. I don’t see a “generate a new token” button in the settings, i.e. it is apparently impossible to revoke an existing token yourself right now. Even if there was such a button, DTF itself is obliged, just in case, to invalidate on its side all tokens generated before the end of the incident. It’s broken, it needs to be done now.
FYI if something specific is broken, you can tag @Broken right in the comments, it replies.
upd. Well, that’s the whole answer after 5 hours
Friends, as you noticed, our site has experienced a glitch. Basic functionality has been restored, but we are still investigating the reasons. Sorry for the temporary inconvenience.
Deleting posts for the bugged period is the right decision on the one hand, because there were a lot of “fraudulent” posts under other people’s logins. On the other hand, all legitimate posts describing what was happening were also deleted; this is the only reason I’m posting.
A small consolation: there is a feeling that users were logged in only to a limited pool of accounts; among the posts saying “I was forced to log into this account,” the same accounts were repeated many times. Perhaps it only affected accounts that were online on DTF during the bugged period, but these are just guesses.
Another consolation, it should be noted that this was clearly not a targeted hack to steal data, but an unintentional failure of the DTF itself.
Mostly there were harmless riffs in the form of shitposting under someone else’s account; the majority only posted about this very problem.
Nevertheless, this is the biggest trash in the entire existence of DTF.
I suggest everyone spam Kontrenko with tags until comments arrive.
I suggest everyone cancel their Plus subscription until an explanation for the incident is received.
I absolutely do not suggest complaining to the RKN. This is a mess. If they really took your money out, then complain to Rospotrebnadzor.
PS I’m in an emergency with Kontsarenko, tagging him under this post is probably pointless, I suggest everyone post in the offtopic/broken/drama posts on the topic of arbitrary content until explanations arrive.