We regret to inform everyone that a staff account has been compromised. As a result of this, an unauthorized third party has been able to access sensitive information on our users. In this announcement we'll elaborate on what happened and how this affects our members.
It was discovered that the user account of a regular (Mod) rank staff member has been accessed by someone other than the staff member in question. Once this was discovered, immediate steps were taken to prevent further access to sensitive information by this account.
The site was not "hacked": all actions took place within the security limits imposed by our site, and our database was not compromised. As such, no passwords or password hashes were obtained and the third party was not able to escalate privileges above the level of the compromised account.
From what we discovered of their activity and from user reports, we believe that the unauthorized third party may have been affiliated with TaylorMadeClips and Borghese Legal, LTD. Their intention appears to be to use the information obtained to intimidate users into financial settlements through legal scare tactics. Specifically, users who have downloaded or seeded TaylorMadeClips torrents and are within US jurisdiction appear to be targeted. The compromised account appears to have been used primarily to obtain the registered e-mail addresses of these users, which were matched to the grabbed/snatched/peers lists of TaylorMadeClips torrents to determine targets for threatening letters.
We apologize sincerely to all our members for not being able to prevent this from happening. It's our intention to be as open about this incident as possible. The rest of this announcement will answer a few questions that we anticipate many of you will have.
How long has this been going on? How much information was actually accessed?
We don't know. Site logs are wiped after a short time, which ironically enough we do in order to reduce the amount of sensitive information present on our servers. Recent activity shows access and search actions connected mainly to TaylorMadeClips torrents and users with activity related to those.
How long has this been known?
The activity was uncovered yesterday; we have used the time since then to investigate further, brief staff, and prepare this announcement.
How is this possible? I thought Emp had its security fairly well sorted?
Unfortunately, security is only as strong as its weakest link, and the weakest link here is the human factor. As a large site we have over 20 full staff members, and the larger a team gets, the higher the chance that someone will make a mistake affecting others. We make a point of encouraging all staff members to maintain strong passwords and keep their PCs secure, but much of that is impossible to actually enforce.
That being said, from analyzing what has happened it's clear to us that there are things we could have done better to mitigate the impact of this account compromise.
What will you do to prevent this from happening again?
First of all, it's impossible to completely prevent this kind of thing from happening, as also described in the previous answer. Staff need to be able to access certain information and login credentials can be compromised. Everyone on the site should always assume this sort of thing can happen.
However, we will be taking action to greatly reduce the chances of a situation like this happening again:
Reducing privileges of general staff and assigning individual staff members additional privileges as required on a case by case basis.
Recording all staff activity, which will be processed automatically to look for suspicious patterns, as well as regularly investigated by a member of senior staff.
Pushing more strongly for all staff to implement a high level of operational security.
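One way the automated check on recorded staff activity could look, added here as an example and not the site's own code: it flags a staff account that views many distinct users' e-mail addresses within one hour while its snatch-list views concentrate on a single uploader, the pattern described in this announcement. The log schema, action names, thresholds and sample records are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

EPOCH = datetime(1970, 1, 1)

# Constructed audit records: (timestamp, staff, action, target, uploader).
# Field and action names are assumptions, not the site's real log schema.
def _ev(minute, staff, action, target, uploader=None):
    ts = datetime(2024, 1, 1, 12) + timedelta(minutes=minute)
    return (ts, staff, action, target, uploader)

SAMPLE_LOG = (
    # mod_a: ordinary moderation, two e-mail lookups across two uploaders
    [_ev(0, "mod_a", "view_snatchlist", "t1", "uploader_a"),
     _ev(5, "mod_a", "view_email", "user_1"),
     _ev(40, "mod_a", "view_snatchlist", "t9", "uploader_b"),
     _ev(41, "mod_a", "view_email", "user_2")]
    # mod_b: walks one uploader's snatch lists, then pulls many e-mails
    + [_ev(i, "mod_b", "view_snatchlist", f"t{20 + i}", "uploader_x")
       for i in range(6)]
    + [_ev(10 + i, "mod_b", "view_email", f"user_{100 + i}")
       for i in range(12)]
)

def flag_harvesting(log, window=timedelta(hours=1), max_emails=10, focus=0.8):
    """Return alerts for staff whose e-mail lookups in one window exceed
    max_emails while >= focus of their snatch-list views hit one uploader."""
    # Fixed time buckets keep the example short; a sliding window would
    # also catch bursts that straddle a bucket boundary.
    buckets = defaultdict(lambda: (set(), Counter()))
    for ts, staff, action, target, uploader in log:
        slot = (ts - EPOCH) // window
        emails, uploaders = buckets[(staff, slot)]
        if action == "view_email":
            emails.add(target)          # distinct users, not raw clicks
        elif action == "view_snatchlist":
            uploaders[uploader] += 1
    alerts = []
    for (staff, _slot), (emails, uploaders) in sorted(buckets.items()):
        if len(emails) <= max_emails or not uploaders:
            continue
        top, hits = uploaders.most_common(1)[0]
        if hits / sum(uploaders.values()) >= focus:
            alerts.append({"staff": staff, "emails_viewed": len(emails),
                           "uploader": top})
    return alerts

if __name__ == "__main__":
    for alert in flag_harvesting(SAMPLE_LOG):
        print(alert)
```

Alerts produced this way need to be written somewhere that outlives the short log retention mentioned earlier, otherwise the evidence is gone by the time senior staff review it.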
Should I change my password?
Having a strong and unique password that you change on a regular basis is always recommended. However, no password information has been compromised, so if you have a strong password already there is no need to change it.
I wish to rename/disable my account
Please send a staff PM. We will do our best to get to everyone's request as soon as we can.
I have received a legal threat. What should I do?
We are not lawyers, and we cannot give you legal advice appropriate for your specific situation. With that said:
If you believe you are indeed involved in infringing activity, permanently cease that activity and remove all materials concerned from your system.
We suggest you do not reply to the message. Their strategy is to send out threats in bulk in the hopes of intimidating people enough to settle for money and avoid legal action. Replying probably flags you as an interesting target.
It's extremely rare for these things to go to court, and even then they are rarely successful.
Information obtained through the compromised staff account was obtained illegally and as such we don't believe it will be useful in legal proceedings. But again we are not lawyers and cannot give you legal advice. Also keep in mind that this does not apply to torrent peer IPs, as those can be seen by anyone who is an active peer on the same torrent.
If you are not comfortable calling their likely bluff, retain legal counsel.
There is some relevant discussion in the comments of this DieTrollDie article.
What can I do to prevent this sort of thing from affecting me?
We have always advocated the use of VPN solutions and continue to do so. An anonymous VPN & e-mail make it impossible for all practical purposes to connect an online identity to your real identity.