Hackers Destroy Fur Affinity Art Gallery Website

A well-known and widely followed online hub of furries community called Fur Affinity disappeared from the web. The furries community is a group of people having a keen interest in anthropomorphic animal characters like foxes and wolves. The hackers wiped off all sorts of content including art submissions and user profiles from Fur Affinity website, which actually is an online gallery that allows users to upload music, art, and written content.

It is quite possible that they also stole email addresses and hashed passwords. The website’s self-proclaimed Director of Operations, who uses the nickname Chase, stated in an announcement on the site’s discussion forum that “the attackers access to personal user data, such as encrypted passwords and email addresses.”

This announcement was made on Friday while by Saturday morning, a user having the profile name Fender clarified that the passwords have already been reset. Fender also revealed that the site has been facing issues since early on in May as researchers identified some technical flaws and vulnerabilities in the ImageMagick library. Attackers were able to exploit this weakness and run arbitrary code to hack the website by downloading the site’s source code prior to patching of the website by the admins.

According to MotherBoard, after exactly a week, the site’s administrator, who uses the name Dragoneer, heard that users at an anonymous convention were selling the site’s source code on USB sticks and the same day their site was hacked again. In this next phase of attacks, the site’s content was deleted by the attackers. However, the site’s security team prevented key data like notes and journals from being deleted.

Dragoneer explained on the site’s forum last week that the team was busy investigating the selling of their website’s source code “somebody launched a second attack against the site using information gleaned from the source code.”

“At this time, we do not know who executed the attacks on this site. An analysis of the attack vector used suggests these individual(s) were experienced attackers and not casual bystanders,” states Fender.

Using a backup, the team was able to restore Fur Affinity on 11th may and therefore, the damage isn’t too much.

Here is a series of tweets from Fur Affinity official Twitter handle about the breach: 

Furiarossa And Mimma/DeviantArt

Related Posts