
Announcements


Skinner

Tue Nov 15, 2016, 01:12 PM

About the hack

This discussion thread was locked by Skinner (a host of the Announcements group).

This is an updated version of a message that appeared on our homepage while the site was offline this weekend, which provides a good overview of the hack and our efforts to get the site back online.

The site was first attacked around 4:30PM ET on Tuesday afternoon. This was not a "typical" hack like a DDoS or an attempt to gain control of our web server. Instead, the hacker had found a vulnerability in our forum software.

The hacker exploited that vulnerability in what appeared to be a politically-motivated act of vandalism: A large number of posts were removed and replaced with the words "God Emperor" (a reference to Donald Trump), and a ridiculously over-the-top pro-Trump video was served automatically to all of our visitors. If you're curious you can watch the video on YouTube (WARNING: HATE CONTENT).

The DU Administrators were online at the time when the attack occurred, so we immediately shut down the site in order to block out the hacker and limit their ability to disrupt.

As you know, Tuesday was election day, our most important day of the year, so our biggest concern at the time was getting the site back online quickly so our members would have access that evening. We collected some preliminary evidence indicating how the hacker had managed to disrupt the site, and based on that evidence we made what we believed were the necessary changes in order to remove the vandalism, secure the site, and bring it back online. (During that time we put up an admin-only login box to block out the hacker. If you entered your username and password into that box, you did not expose your information to the hacker.)

After a few hours we brought the site back up, but it quickly became apparent that we had not sufficiently scrubbed the site and some malicious code placed by the hacker got executed again. So we took the site offline a second time. Since we had already failed once to secure the site, we agreed it would be irresponsible to bring the site back online again until we were confident that we knew exactly what the hacker had done, and we believed the site was secure. At that point we knew we were not going to be back online for election night, and we suspected it might take days.

It took most of the day Wednesday to figure out exactly how the hacker had managed to disrupt the site, and what user information may have been vulnerable.

It is likely that the hacker had access to certain member information on an account-by-account basis: Usernames, email addresses, and IP addresses. There is no evidence that the hacker had access to our database or the full table of user information.

We believe that the hacker was not able to see your passwords -- not even in encrypted format. But even if the hacker was not able to see your passwords, they may have been able to over-write passwords for some accounts. Put another way: The hacker doesn't know what your password was, but the hacker might have changed it to something that they did know. That is why we are requiring all members to change their passwords now that the site is back online.

We can say for certain that donor data, such as credit card numbers or addresses, were not compromised because that information is handled by PayPal and never passes through to our servers.

As most of you know, we have three employees at Democratic Underground, and only one of us (Elad) is a real programmer who could do the complicated back-end coding to deal with the hack. If our goal was to simply plug the specific vulnerability exposed in the hack, the site would likely have been back online in a couple days. But because we know that there is a sufficiently motivated and skilled individual somewhere out there who has already vandalized our website, we did a much more comprehensive security review to identify similar vulnerabilities to the one exposed in the hack.

We would be remiss if we did not recognize the invaluable assistance which DU member Lithos has provided during this security review. We are very grateful for his help. Thank you, Lithos.

We have updated the site on two levels: Elad has been fixing some of the code in our forum software (with help from Lithos), and we have been working with our web host to implement a higher level of security on their end. Now that the site is back up, we are temporarily limiting access to the site to Star Members only. We are taking this precaution because we want to make sure that we are receiving only legitimate traffic during the next couple days while our new security software “learns” what is legitimate traffic to the site. This limited opening period should only last two or three days.

We know that this has been a long and frustrating process, and the timing could not have possibly been worse. Thank you again for your patience and understanding. And thank you for the tremendous outpouring of encouragement we have received from so many of you.

--The DU Administrators