Topic: [RESOLVED] furaffinity.net URLs/ Links Compromised; FA Twitter account hijacked!

Posted under General

~ Twitter account situation is resolved.

~ Furaffinity.net situation is resolved, ongoing investigation, site back online.

https://imgur.com/a/ahGk6ZCAt present do not try accessing the Website URL has potentially been hijacked.Wait for for further information to be posted on the site discord.Discord link: discord.gg/furaffinity

luffy

Today at 11:24 PM
ELI5 version:
Someone is trying to trick people by making our website take them to a site that isn't Fur Affinity (e.g. they can make furaffinity.net show their own content rather than our website). This fake website could look like anything but might be designed to look like ours to steal your information.

For this reason, we urge you to not "log into" or visit the site until we follow up.
Please refrain from spreading misinformation or speculation and acting as experts on the situation as it furthers confusion and causes added stress. If someone asks about the situation, redirect them to this channel.

luffy

Today at 11:38 PM
@here The website may appear to be back to normal for now, but it’s still under threat. The hijackers have temporarily reverted it to our website, but they can switch it to whatever they want at any moment. Please do not interact with the website.

Reminder: Your personal information is secure and has not been affected.

luffy

Today at 12:21 AM
From tech:

"we have two events: original nameserver change and then the change being reverted. these happened around half an hour apart. as in, when I got online to handle things the changes have already been reverted back by the attacker, but things didn't work because cloudflare locked it's service. all this time the website was loading with an SSL error (not having certificate for https) was the time it was pointing to original cloudflare and our domain settings. they just have been locked, and as soon as I unlocked them things start working again.

at no point in time, as far as I can tell, did FA domain resolve to an actual valid webpage which could have grabbed session data."

In other news, I have to go to bed for my human job. Sorry all. Will update first thing in morning.

---------UPDATE 1

luffy

Today at 8:34 AM
@FA Pings

* The situation is ongoing.
* We are in works to regain ownership of the account.
* Cloudflare was not accessed, our registrar was.
* Your personal information and passwords are safe.
* We advise you to not use the site until further notice. (ELI5 version pinned in

⁠💬┆general-convo ).

luffy

Today at 11:28 AM
@FA Pings They are attempting to make the change again. Please do not try to access Fur Affinity, and we will update when we can.
Aaand they changed it back to us again - we do request you continue to not access FA regardless.

---------UPDATE 2

luffy

Today at 2:51 PM
@FA Pings More information has been posted to our Twitter: https://x.com/furaffinity/status/1826013482971468025?t=LAy_ZAdNg9jBKpnVvd9OPg&s=19

The reason Fur Affinity went offline around at 12:48am is due to someone hijacking our account with @netsolcares. Even though we worked quickly to correct the situation, their customer support has stated they cannot lock or freeze the account and we have to wait 24-48 hours for proper assistance. We have contacted them multiple times expressing urgency in this matter, and they've responded saying there is nothing they can do even though we have proven without a doubt that we are the proper owner and the account has been hijacked. This is a serious security issue and oversight on their side. Refusal to take this issue seriously has caused undue stress and misinformation to spread. We need action now to get the domain back into our control. This is unacceptable that customer support at @netsolcares can identify a hijack but not stop or freeze the account immediately.


Fur Affinity 🏳️‍⚧️ (@furaffinity) on X
The reason Fur Affinity went offline around 12:48am is due to someone hijacking our account with @netsolcares. Even though we worked quickly to correct the situation -🧵
Twitter•Today at 2:48 PM

luffy

Today at 4:21 PM
@everyone We invalidated all login sessions for security reasons. Do not log back into Fur Affinity until we greenlight it. Nothing is currently affected. This is a preventative measure.

luffy

Today at 4:42 PM
Logins are disabled.

luffy

Today at 5:18 PM
@everyone The Fur Affinity Twitter has been compromised. We're doing everything we can to regain access, but please do not trust anything posted on there until we let you know here that we have control of it again.
Please tell those you know that they must rely on our Discord for information for now.
Please report tweets made by our account.

---------UPDATE 3

Xanaecor

Today at 6:37 PM
Due to recent unusual level of DM activity that has occurred in this server, only friends will be able to contact each other further as a precautionary measure for the next 24hrs.

As always, please be weary of accepting friend requests from people you do not know. @everyone

Xanaecor

Today at 7:14 PM
We are aware that our Twitter (X) username has been changed and that the original was reclaimed by Whanos as a safety precaution to help our community. We are in contact and working with this user. Please do not direct any misplaced harassment toward them. @everyone

---------UPDATE 4

luffy

Today at 7:53 AM
Great news @everyone! We’ve connected with all necessary contacts and finally made progress in recovering our domain. The tech team has regained control and temporarily locked down the site while they double-check everything and continue to move things forward.
With that said, I’m actively working on ways to manage the sudden influx and unrestrict the server. Please understand that it’s highly unusual to gain members at this rate, and I’m not particularly experienced in handling it, so things might get a bit messy. I kindly ask everyone to be patient and respectful, not only toward each other but also toward our volunteer mod team. If things become too chaotic, we may need to restrict access again. Thank you for your cooperation.

---------UPDATE 5

Momma Sciggles

Today at 7:09 PM
The twitter is officially back in our hands thanks to @Whanos 💖 @everyone

Have a wonderful night.

luffy

Today at 7:30 PM
If you are still seeing inappropriate posts on our Twitter, it is likely a caching issue. Please clear your Twitter cache and they should disappear - or wait awhile and they'll go away. Thank you!

---------UPDATE 6

Xanaecor

Today at 11:12 AM
Good Afternoon!

Yesterday, after meeting for several hours with Network Solutions (our domain registrar), they finally agreed to our demands to lock our account and revert changes made to our domain name’s NAMESERVER configuration. This lock also prevents anyone from signing in and making further changes. A fraud investigation has been launched on their part, and upon conclusion, our account will be fully released to us and we will receive more information on how this hijacking occurred. Our domain is directing traffic correctly.

While the bad actor was in control of our domain between Tuesday, August 20th at 12:47AM ET and Wednesday, August 21st at 2:28PM ET, they redirected our traffic to other websites and they set up an email server to receive any emails that were sent to any of our @furaffinity.net accounts. If you sent any emails to our @furaffinity.net accounts during that time, then the bad actor has those emails, we did not receive them, and you should act appropriately to secure and protect your information. Furthermore, any emails sent from @furaffinity.net during that time would have been sent by the bad actor and should not be trusted. The bad actor never had access to our actual email accounts, any previous emails, nor data we have previously received.

It is important to stress that the Fur Affinity web server itself was never compromised, and the bad actor never had access to any private information therein such as our user and server data (It's as if someone stole your home address and had your mail and visitors routed somewhere else. Your house and everything inside is fine, only the address and incoming/outgoing mail were affected). As a precautionary measure during the incident, we invalidated all current login sessions and you will need to log back into your account.

✨🌟🎉 FUR AFFINITY IS NOW ONLINE AND MAY BE ACCESSED SAFELY! 🎉🌟✨

Furthermore, as of last night (August 21st at 9:53PM ET), we have regained access to our Twitter account, and with the help of Whanos (@KernelJunkie), reclaimed our username (@FurAffinity). And as of this morning (August 22nd at 10:45AM ET), we also secured Dragoneer's personal Twitter account.

We have also been made aware of various sources claiming to have identified the bad actor responsible for this attack. We have no way to verify that these accusations are accurate, but will continue to share all information with the FBI. With that said, we want to remind everyone that we have a zero-tolerance policy toward harassment, no matter the circumstances. Recently, there have been instances where speculation has led to individuals being harassed, even if they have no proven connection to the incident.

It is important to note that Fur Affinity, with direct insight into the situation, has not conducted its own investigation. We are leaving that responsibility to law enforcement. Speculation only spreads misinformation and causes harm, so please be cautious about what you share or believe online.

We kindly urge everyone to avoid engaging in further speculation or harassment. It is the role of law enforcement to determine the facts and make decisions, not ours.

Finally, we want to extend our deepest gratitude to all of you for your unwavering support during this incredibly difficult time. Your kindness, patience, and understanding have meant the world to us as we've navigated these challenges together. We are committed to continuing to foster a creative and welcoming environment for all, and it is your strength and solidarity that make our community truly special. Thank you for standing with us. @everyone

Updated

kora_viridian said:
I've been getting some weird errors when trying to access FA, over the last hour or so (it is now 23:25 2024-08-19 US-Los Angeles time, or 06:25, 2024-08-20 UTC). The first errors came from Cloudflare, saying Cloudflare is currently unable to resolve your requested domain (www.furaffinity.net). More recently, Firefox itself is giving me an error page, saying An error occurred during a connection to www.furaffinity.net. Cannot communicate securely with peer: no common encryption algorithm(s). Error code: SSL_ERROR_NO_CYPHER_OVERLAP.

Since not all of us are on the FA Discord, please post updates here if you have them. Thanks!

I will try, added the invite link to furaffinity's discord.

ryu_deacon said:

luffy

Today at 11:24 PM
ELI5 version:
Someone is trying to trick people by making our website take them to a site that isn't Fur Affinity (e.g. they can make furaffinity.net show their own content rather than our website). This fake website could look like anything but might be designed to look like ours to steal your information.

For this reason, we urge you to not "log into" or visit the site until we follow up.
Please refrain from spreading misinformation or speculation and acting as experts on the situation as it furthers confusion and causes added stress. If someone asks about the situation, redirect them to this channel.

luffy

Today at 11:38 PM
@here The website may appear to be back to normal for now, but it’s still under threat. The hijackers have temporarily reverted it to our website, but they can switch it to whatever they want at any moment. Please do not interact with the website.

Reminder: Your personal information is secure and has not been affected.

luffy

Today at 12:21 AM
From tech:

"we have two events: original nameserver change and then the change being reverted. these happened around half an hour apart. as in, when I got online to handle things the changes have already been reverted back by the attacker, but things didn't work because cloudflare locked it's service. all this time the website was loading with an SSL error (not having certificate for https) was the time it was pointing to original cloudflare and our domain settings. they just have been locked, and as soon as I unlocked them things start working again.

at no point in time, as far as I can tell, did FA domain resolve to an actual valid webpage which could have grabbed session data."

In other news, I have to go to bed for my human job. Sorry all. Will update first thing in morning.

luffy

Today at 8:34 AM
@FA Pings

* The situation is ongoing.
* We are in works to regain ownership of the account.
* Cloudflare was not accessed, our registrar was.
* Your personal information and passwords are safe.
* We advise you to not use the site until further notice. (ELI5 version pinned in

⁠💬┆general-convo ).

luffy

Today at 11:28 AM
@FA Pings They are attempting to make the change again. Please do not try to access Fur Affinity, and we will update when we can.
Aaand they changed it back to us again - we do request you continue to not access FA regardless.

updated (8:34am , 11:28am)

Well that's shocking, is there any official updates on this? Every time I try to access the site it just bring me to some strange merch shop.

Eep, I tried logging in before I found out about what was going on. Hopefully I'll be okay? Fingers crossed.

Hope they get it sorted soon, what a horrid time for all this shit to happen

I would probably also make this a news pin for E621 so people know not to press FA Links

MAJOR UPDATE

According to a new announcement from the site admins on the FurAffinity Discord, the FurAffinity Twitter Account HAS BEEN COMPROMISED.

As of right now, the only reputable place to get updates is the FurAffinity Discord server (discord.gg/furaffinity). DO NOT TRUST THE TWITTER ACCOUNT UNTIL FURTHER NOTICE FROM FURAFFINITY STAFF.

atomicblaze21 said:

MAJOR UPDATE

According to a new announcement from the site admins on the FurAffinity Discord, the FurAffinity Twitter Account HAS BEEN COMPROMISED.

As of right now, the only reputable place to get updates is the FurAffinity Discord server (discord.gg/furaffinity). DO NOT TRUST THE TWITTER ACCOUNT UNTIL FURTHER NOTICE FROM FURAFFINITY STAFF.

inb4 the Discord server also gets hacked

Hold up!

Don't we have ridiculously talented cat-furry-hackers to help us with this?

Also, what's this about them redirecting FA's links to The Washington Post and their articles talking about furry pedos?

Like The Washington Post —the same organization that defended tons of serious child molesters from being pulled out from their holes and into the public's attention— is one to talk.

Glaring double-standard, for both the Washington Post and FA's hijacker. To top that off, this hijacker's perpetuating the false idea that 80% of furries are pedos, when anyone could say that about any large-scale community.

Poor execution of attack.
Not even a good troll by troll-standards.
1/10 They're lucky I even give one star, because this is probably either a teenager, or an exceptionally sad and immature adult.

Updated

I think it's important to say to unfollow the Fur Affinity twitter account and not interact with any posts while the account is compromised. By commenting, you're giving these bastards exactly what they want: Attention.

Also: Admins, is it possible to put a banner or notice on E621 about the Fur Affinity situation?

atomicblaze21 said:

MAJOR UPDATE

According to a new announcement from the site admins on the FurAffinity Discord, the FurAffinity Twitter Account HAS BEEN COMPROMISED.

As of right now, the only reputable place to get updates is the FurAffinity Discord server (discord.gg/furaffinity). DO NOT TRUST THE TWITTER ACCOUNT UNTIL FURTHER NOTICE FROM FURAFFINITY STAFF.

As a aside all active login sessions have finally been kicked and login functionally has been disabled, according to the discord announcements.

edu2703 said:
I think it's important to say to unfollow the Fur Affinity twitter account and not interact with any posts while the account is compromised. By commenting, you're giving these bastards exactly what they want: Attention.

Also: Admins, is it possible to put a banner or notice on E621 about the Fur Affinity situation?

I agree, a banner would help warn people.
Im sure many e621 users use FA and vice versa

I can't wait for these guys to find out the thing about lots of furries being hackers isn't a joke

nathmurr said:
Also, what's this about them redirecting FA's links to The Washington Post and their articles talking about furry pedos?

Like The Washington Post —the same organization that defended tons of serious child molesters from being pulled out from their holes and into the public's attention— is one to talk.

Glaring double-standard, for both the Washington Post and FA's hijacker. To top that off, this hijacker's perpetuating the false idea that 80% of furries are pedos, when anyone could say that about any large-scale community.

Poor execution of attack.
Not even a good troll by troll-standards.
1/10 They're lucky I even give one star, because this is probably either a teenager, or an exceptionally sad and immature adult.

Is it even the legitimate WP site/article?

Also, this person is indeed fucking sad. Unfortunately, I have serious doubts about FA being able to regain control of their Twitter account, given how Twitter's been being run (and who by).

You know, for a hacker that hates furries: he sure does have alot of furry shlong saved on his computer to spam the twitter with.

eldfjall said:
Is it even the legitimate WP site/article?

Also, this person is indeed fucking sad. Unfortunately, I have serious doubts about FA being able to regain control of their Twitter account, given how Twitter's been being run (and who by).

look at the bright-ish side, this means that FA may start using bluesky or mastodon

the_shinx said:
Welp, the FA twitter is gone, for now at least.

They changed the @ to "ilovekiwi4lunch"

Edit: Looks like someone else managed to change their account to @furaffinity lol

Last I checked FA now sends you to a WSJ article about alleged 'furry pedos' so you know this whole thing is just some pathetic loser with no life who's just trolling the community. Goddamn anti-furs really piss me off. What kind of absolute worthless degenerate seriously goes around doing this? Do they have nothing else going on in their stupid life? What a complete was of oxygen, I'm looking forward to the site being back to normal soon.

disposableyeens said:
Is my information at risk?
Are there any measures I should take?

They did not have access to FA servers. However, if you had entered your login details at any point since the first announcement, it is best that you reset your password after it is safe to access FA again.
If you had used the same email and password for other websites (a very bad practice to begin with), then you will need to reset those as well.

thegreatwolfgang said:
They did not have access to FA servers. However, if you had entered your login details at any point since the first announcement, it is best that you reset your password after it is safe to access FA again.
If you had used the same email and password for other websites (a very bad practice to begin with), then you will need to reset those as well.

If your password is the same password you use for other sites, change it.

Not just for furaffinity, like in general. Don't do that.

oceanman666 said:
url, as of now, currently redirects to kiwi farms

They're either mad that their crypto scam failed before it began or someone else got access to the accounts

no-one-you-know said:
They're either mad that their crypto scam failed before it began or someone else got access to the accounts

Maybe they just really like kiwis

Anyways though, I'll definitely be changing my PW on FA, I used to use the same one for everything, but have been slowly making every one unique, but haven't gotten to changing it on FA 💀

ryu_deacon said:
https://imgur.com/a/ahGk6ZC

At present do not try accessing the Website URL has potentially been hijacked.

Wait for for further information to be posted on the site discord.

Discord link: discord.gg/furaffinity

---------UPDATE 1
---------UPDATE 2
---------UPDATE 3

This is just crazy... o.o

I hate to admit it, but I fell for it...

What should I do?

Updated

no-one-you-know said:
They're either mad that their crypto scam failed before it began or someone else got access to the accounts

After a quick search, Kiwifarms is a harassment forum, one with a long history

oceanman666 said:
url, as of now, currently redirects to kiwi farms

Apparently kiwi farms just put a notice up that they're not involved, not sure how trustworthy it is considering the source though

no-one-you-know said:
Apparently kiwi farms just put a notice up that they're not involved, not sure how trustworthy it is considering the source though

It's a harassment group, they're absolutely involved

markiefox said:
It's a harassment group, they're absolutely involved

That doesn't automatically mean they're involved in this. They don't seem to want anything to do with this situation, to the point where they apparently closed all registration temporarily.

vorelover132 said:
That doesn't automatically mean they're involved in this. They don't seem to want anything to do with this situation, to the point where they apparently closed all registration temporarily.

Looking at kiwifarms right now seems to point towards them not being involved from the looks of it.

just the fact alone that the hacker(s) tried so hard to connect the hack with kiwi farms tells me without a reasonable doubt that it ain't kiwi farms

not to give them any credit for subtlety but those dudes are the exact type of edgelords who would think it's so cool to make it a stealth-ops, and all the kiwi imagery and direct links just smack of some loser trying to give themselves "credibility" that they just don't have

jaythedarklatex said:
Looking at kiwifarms right now seems to point towards them not being involved from the looks of it.

Yeah they seem to be freaking out about this too, ironically they probably want to keep a mostly low profile

Now the hacker has furry hackers and kiwi farms angry at them

no-one-you-know said:
Yeah they seem to be freaking out about this too, ironically they probably want to keep a mostly low profile

Now the hacker has furry hackers and kiwi farms angry at them

This will not end well for them.

no-one-you-know said:
It's like kicking a hornet nest then immediately punching a killer bee nest

Exactly.

And now kiwifarms is making fun of this person's apparent moral line. Honestly getting me interested in the situation by the second.

jaythedarklatex said:
Exactly.

And now kiwifarms is making fun of this person's apparent moral line. Honestly getting me interested in the situation by the second.

Oh kiwifarms whining about other peoples' morals is hilarious given its founder was kicked from the 8chan moderation team for being TOO pro-CSAM.

warlordofpeace said:
I mean, they twitted how they payed for it, and there's a screenshot of them losing 300k

Rule #1 of compromised accounts: Basically everything they say is a lie.

warlordofpeace said:
I mean, they twitted how they payed for it, and there's a screenshot of them losing 300k

If they have 300k and they spent it on a furry art website, then they're an idiot. Look, I like FA, but it ain't worth 300k.

tarrgon said:
Rule #1 of compromised accounts: Basically everything they say is a lie.

Internet users: I think I'll believe everything I read, there's no such thing as lies

they didn't even get the actual site, just the domain name registrar account, as far as can be determined right now

So anyways, I don't use twitter, nor will I ever dare join the FA discord... What's the current state of FurAffinity? Is it still pwned, am I still free from its clutches??????!!?!!

warlordofpeace said:
I mean, they twitted how they payed for it, and there's a screenshot of them losing 300k

Funny and stupid if true. The fact that it just makes them look like a total dipshit almost makes me believe it because why the fuck would you share that if you knew what you were doing.

nathmurr said:
Hold up!

Don't we have ridiculously talented cat-furry-hackers to help us with this?

I wish m8 Seigedsec disbanded after their last hack on the heritage foundation

geez... just one after another. i rest my case about this year getting crappier cause it just keeps going. what a mess...

👆🏽 Ditto. Fingers crossed.

If the worst case scenario happens, would other sites like Inkbunny, SoFurry, and maybe even e621 fit in FA's shoes to become the main hub for furries?
I know there's also DeviantArt, but I know some like me who don't want to interact with it that often because of unpopular changes, but it's also a hub for artists.

I cant wait to see the jokes of the people about this, It is the least that FA CEO deserve for years of mismanagement and now giving away user information cause their negligence, They sleep on their laurels of more and more restrictive and stupid rules, for our "security" and now this happens?! I sincerely hope that the top tier artists of FA have not suffered a reduction in their PayPal assets, or not There will be God who will have mercy on the owners of the page, but no one will forget this blow and I hope it hurts them to remember it.....

nadie_importante1066 said:
I cant wait to see the jokes of the people about this, It is the least that FA CEO deserve for years of mismanagement and now giving away user information cause their negligence, They sleep on their laurels of more and more restrictive and stupid rules, for our "security" and now this happens?! I sincerely hope that the top tier artists of FA have not suffered a reduction in their PayPal assets, or not There will be God who will have mercy on the owners of the page, but no one will forget this blow and I hope it hurts them to remember it.....

FA's CEO fucking died, my dude.

Watsit

Privileged

nadie_importante1066 said:
I cant wait to see the jokes of the people about this, It is the least that FA CEO deserve for years of mismanagement and now giving away user information cause their negligence, They sleep on their laurels of more and more restrictive and stupid rules, for our "security" and now this happens?! I sincerely hope that the top tier artists of FA have not suffered a reduction in their PayPal assets, or not There will be God who will have mercy on the owners of the page, but no one will forget this blow and I hope it hurts them to remember it.....

The FA owner died about a week or so ago, and his friends/family/loved ones have been busy trying to deal with the finances and logistics of handling all that entails, including his funeral and trying to keep up with FA's bills. Whoever's responsible for this really hit a low blow for timing this attack as they did.

watsit said:
The FA owner died about a week or so ago, and his friends/family/loved ones have been busy trying to deal with the finances and logistics of handling all that entails, including his funeral and trying to keep up with FA's bills. Whoever's responsible for this really hit a low blow for timing this attack as they did.

so....for real?, everything was concentrated on one person?...great, just great...

To think, someone could know this jackass personally, beyond their twitter handle (which does appear to be known to a few due to the monetary amount mentioned), and what they've done...

jaythedarklatex said:
Exactly.

And now kiwifarms is making fun of this person's apparent moral line. Honestly getting me interested in the situation by the second.

An organization of borderline cyberterrorists is mocking how low someone else is willing to stoop? Oh, that is rich.

If KF is telling the truth and they genuinely WEREN'T behind this... that hacker has no idea what's behind the gates they just opened. I almost feel sorry for them... almost.

  • 1
  • 2