On May 8, 2018, we discovered that a user attained elevated privileges to the site. The discovery was made when we noticed that certain top-level site pages were missing. The breach involved access to the admin dashboard, which includes access to user’s first and last names, and email address. There were 32 users who posted comments during the time of breach. It also allowed the user to post and approve spam comments on the site.
We are making this announcement to notify any and all members who commented on posts that this user may have been able to access their first and last names and email address. We will send a follow-up email to the 32 users who left comments on our site in the past letting them know about the breach. Our email newsletter was not a part of this breach as it is managed outside of this site.
To avoid future mishaps:
- we added multiple layers of improved security to the site
- we are disabling comments for all future posts, due to a lack of engagement
We will send this notice out to the newsletter and follow-up with the affected individuals separately.