I think the main www.blogger.com and pro.blogger.com should have at least a pointer to information on status.blogger.com about the hack, and all users should be contacted.

Particular attention should be paid to the paying Pro customers.

Why isn't there a notice on Blogger.com about the system being compromised? When I logged back into my account, there wasn't any information there, either. It's my impression that status.blogger.com is just for techies, and everyday users don't visit there. But Blogger has never let all users know about the status of ftp user account information as well as credit card info, seeing fit to sort of sweep this under the rug. It's disturbing how irresponsible they are.

Blimey, I smell a goose

Like Sept. 11th all over again?

Dude, what the fuck is wrong with you? How can you imagine that a fucking WEBSITE being hacked is in any fashion similar to a loss of life?

Idiot.

Edited by author 10-25-2002 05:06 PM
Will you be emailing users whose accounts were affected?

Better yet, email all users, letting them know if they were affected or not.

Yes, turns out things weren't nearly as bad as they looked. We're fairly confident, while the attack affected a lot of users (um...all), it was relatively trivial compared to what it could have been. All information like ftp servers, etc., is in a different database than the one compromised. And we had a backup of all the data that was changed within a couple hours.

Thanks.

New update by EV at http://status.blogger.com/


Update: We have found the cause of the vulnerability and have patched it. Everything is back restored and back online with the exception of the API server and bSTATS.

I suspect it's progressing by Blogger ID number since I am very far from being "a big name" but was an early Pro subscriber.

I managed to get in touch with Jason Shellen an hour ago who let me know that they were on the case.

One thing this has highlighted (for me) is the lack of obvious means to alert Pyra if such an event occurs. Automated help systems are hopeless in such circumstances.

Edited by author 10-25-2002 02:20 PM
It would appear that Blogger's status page has now addressed the problem. http://status.blogger.com/

This is like September the 11th all over again.

To summarise Anil's findings: it seems to have hit a lot of the earliest bloggers first (indicating it may be progressing by Blogger ID number, or else they're going after the bigger names). If you can log on, you should probably remove your host server and ftp password from the Blogger database now.

There's no indication that this data is being used; but it seems a good precaution to take at this stage.

I've put up screen-caps of what I saw when I was logged into Blogger when the problems started happening at http://www.plasticbag.org/images/extra/hack.pdf, http://www.plasticbag.org/images/extra/hack2.pdf and http://www.plasticbag.org/images/extra/hack3.pdf

I've been tracking this for about half an hour, and Ev's aware of the problem now. Details here.

From what I can tell - I can still publish. The field in the Blogger database that holds my blog URL is hacked - I Can't do a "View Web Page" within blogger. If I surf directly to my page it works fine.

I can't update the field from within blogger because of the "full DB" error.

We're not locked out, but our default home URL is changed to "hacx0redbyme", so we won't be publishing until we can change it, which we can't because the Blogger DB is full and won't allow it. What sux the most is the absence of any kind of info on status.blogger.com

Hi. It'd be great if we could keep the discussion here to "operational announcements" and links to other, more reputable sources of info. No conjecture without a link to a source, please, no flaming about services or people, no elbows, ear-biting, or giant inflatable hamburgers.

Thanks!