Dear Biohack.me Community,
We are pissed and dismayed to say that our website server has been compromised. Thanks to tekniklr and bird’s investigation about password reset issues we now know that someone, possibly through a PHP or Vanilla bug, was able to access the server and all our hashed passwords. Did we mention pissed?
Securing and patching the server ASAP is the priority for us. We are also reporting this to the haveibeenpwned site so any less active users will know.
We are telling everyone right away for transparency and so you can secure your other logins. While we hope that everyone uses a password manager and unique passwords on every site that’s probably not going to be true.
Action Item 1: DO NOT CHANGE YOUR BIOHACK.ME PASSWORD — until we give the all clear it would still be compromised. When we give the all clear, don’t use a password that you use on other sites.
Action 2: If you use your biohack.me password on other sites (which is way more common than we like to think), please go change those passwords.
We’ll keep you updated here.