-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 8chan Incident Report for September 25, 2015 A data leak was present in the JSON replies for OP posts. Many were inaccurately reporting that the issue was in 8archive, but this was false. Actually the JSON replies that 8archive was reading were buggy. See this commit: https://github.com/ctrlcctrlv/infinity/commit/5d8bd516e904191621321f313b5e777eef1594ba If a board has unique IDs enabled on 8chan, the IDs are calculated and are unique for (thread id, poster IP, board name). If any one of those changes, the ID changes. However, this bug caused the set to be (poster IP, board name), but only for JSON replies. JSON replies are used by some user scripts (including main.js), 8archive, some mobile applications, et cetera. The most damaging part of this bug was that it caused the unique ID of posts to be able to be looked up on 8archive.moe and tied to all threads a certain IP created on a certain board. After it was reported to us (Drybones and I), we worked quickly to patch the bug. I fixed 8chan's side to put the proper ID in JSON replies, and together with Drybones wiped 8archive clean of all IDs on IP posts. Thanks to our quick teamwork and coordination, this data is lost forever unless archives were made of specific search pages. However, we believe that less than 0.001% of 8archive search results were archived pre - bugfix. - -- There was a separate issue with banners.8ch.net displaying the output of phpinfo() instead of the actual content. This is because it had to be rebooted and Apache started before nginx. Apache has been uninstalled, sorry for the inconvenience. Banners are back now. - -- Thank you for your continued support -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJWBG0/AAoJEBDdyYOQGqGDk0QP/0FLEwZJXHjCacrJnYo+Vcsy s1HoyFtZ1BFCzQYHrI6jDBTkApkMONDYt4ZCsroOG/cAy4rC44eBvxWgQ6gQibXD SYtcwLOgZgBA7mSumeeLFwKyVmR7WH9IY9jIEXfUUHS4tpu8VhdjORpp/2HOUE7k 9UCKbeP/EB2zAoIzzkZRUcXocLU71yq+L109qWCe7kOvz4ufDUVbClpxWGJMQq5r pW0pAr32FMROdGSpQMQ82mOS8+/YyT8aQN3upa+vycUltJ9mObXw3vKB/1qNMH3k lTZjtAlvz5cIa9SbIFqeNY5C4H0uSNAVaURobKTLaggZy6t7kFwzadTy2jdnF0zV K6wwprnjW0xdtpHEyxMc6JZ4K/Xy7w5OxSKvEyp6CsDmvWW+GOPounls4H0S+aGz oPNqb84DJthsbk/W3cUnnWQK1j5fk39n+O6PWUUGmQ3MUEjIScsPDdXcwEeWU/rJ KOhVCCIgJywBxzQHjB0XkSXgtLh1/YqghxsjTs/8jIZYVCdyM/Gr7WAr6FCSdfl8 u8asYbwIdycXuJ/Lhig3zQTLQyZqCINl+bxbY480dqwJlcx0s3MzuQzdwSgQFcT2 l6Dp7SywORnOJtIzsWcN7el4EI1q/u73p9bpqTXgYIup3bosAL2TCa72K2QF7D/z lSgaDlF+1ODQIyb93sdr =/r0M -----END PGP SIGNATURE-----