-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
We have been made aware of the bug that allowed an outsider to view marketplace
private messages and we believe that the community has the right to be made
aware of what information was obtained and what was done to mitigate the issue.
!----- What did the attacker obtain? -----
1) Marketplace PMs not older than 30 days, up to ID 2609452. IDs are not always
sequential, as 218,000 messages were obtained.
*** Conversations that did not receive a message in the last 30 days were not
affected, as they were automatically purged *****
2) List of user IDs + username (nothing more).
!----- What steps have been done? -----
The attacker was paid for his findings, and agreed to tell us the methods used
to extract such information. Our developers immediately closed the loophole in
order to protect the security of our users.
!----- Anything else? -----
No other information was obtained. All your forum PMs, order information, BTC
addresses, etc. are safe. Only recent (less than 30 days) PMs were obtained.
!----- What to do now? ------
No action is required from anyone, but we remind everyone to ALWAYS ENCRYPT
SENSITIVE INFORMATION such as addresses, BTC addresses, tracking numbers,
etc.
Thanks to everyone for being a loyal customer, and to apologize to the community,
we will be offering a 20% discount on Escrow fees for the next week on all marketplace
orders.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
This is basically just a solid reminder to not leave any sensitive opsexy information unencrypted. Still a major fuck-up, but anyone with sense has nothing to worry about, and now it's been fixed with an apology, not bad.