As some of you may have heard, a database and old development version of our codebase were recently leaked. This is a serious incident and we'd like to explain the current situation.
An ex-staff member has leaked a developer staging database dating from 2015-11-20. This database was scrubbed of critical security information including hashes of passwords, emails (including history), IP addresses (including history), passkeys (including history), donations, yen log, login sessions, transfer history, and user PMs; the individual who leaked the database does not have access to any of these. Information that was leaked includes staff PMs and staff notes on user profiles. For some users, these notes and PMs may contain information such as emails and IP addresses, donation TXN (PayPal transaction ID from before it was removed or Blockchain TXD) with donated amount in GBP (in case of Bitcoins logged GBP amount is by exchange rate of when donation was made) and in some rare cases PayPal email used in donation from before they were separately logged (pre 2009-06-18).
The leaked code comes from a development branch internally called upload-page. While developed for some time, it was abandoned around April 2016. The leaked code is an incomplete development snapshot, and the primary code base has changed substantially since. We believe that this development branch poses no risk for site security. In addition, since January of this year, we have drastically updated our security measures, migrating our git server and making it only accessible to developers as opposed to all staff members (the code was most likely downloaded just before git server was moved).
While most of our users don't need to take any specific action in order to secure their account, we would like to remind you that you should use unique passwords, not reveal your personal information anywhere, and if possible enable 2-factor authentication.
We will be contacting users who had incriminating information leaked shortly to provide assistance and additional information and provide all users any updates as needed.