We will be sending the following communication out via email as well as posting on Discord but wanted to make sure we are communicating through all avenues:
It has been recently brought to our attention that on or around July 9th, 2022 the users table in our database was accessed by an unauthorized third party. The information involved includes the login username, email, and hashed password of all users who signed up before the date above. As we only store the hashed version of a password, your passwords and accounts are safe and no suspicious account activity has been seen in our logs. Breaches of this nature are typically intended to gain username & password combinations that users may have used on other platforms rather than to access your Strudel Cafe account specifically.
We are currently taking steps to increase security and auditing capabilities to mitigate potential future incursions; there may be some unscheduled downtime if necessary. We appreciate your understanding and patience as we work to improve the site and our processes.
While passwords are hashed and secured according to best practices, out of an abundance of caution we recommend updating your Strudel Cafe password. This can be accomplished from the Edit Account Info button seen directly after logging in, or you can click here. We also recommend avoiding using the same username and password combinations across multiple sites and you should always change your passwords on a regular basis.
Added note: For more detail, our process for securing your passwords includes salting & hashing which both obscures your password in the database and prevents it from being cracked even if the hash is obtained. A (relatively) simple explanation of the process can be found here for those who would like to learn more about how it works!