March 2025 Data Breach

Announcements
#1

Hey everyone,

We’re still working on tracking down the details, but just so everybody knows we have had a data breach. We aren’t sure of the full extent yet, and will keep people up to date as we discover more, but assume that your passwords have all been compromised.

We currently have no reason to believe that this was targeted directly at our site, as it seems far more likely that it was a general attack targeting Discourse-based websites at random to fish for password/e-mail/username combinations in order to try them on other sites. As such, although you may change your password here if you wish, we do not know enough yet to promise that this new password would not also be compromised. Given the risk of your FoL account being hacked is quite low, I actually might suggest holding off on doing that until we’ve worked with our hosting provider to discover the source and ensure any new passwords won’t be immediately snatched.

As for what you should do:

  • Always use different passwords for different websites. With modern password managers, there is no good excuse not to be doing this. If you haven’t started yet, make this incident your reason to start now.

  • Turn on 2-Factor Authentication everywhere you can. Fortress of Lies offers this service, and it is required for all Moderator and Admin accounts. If you have 2FA enabled, even knowing your username and password will not be enough to directly allow a malicious actor access to your account.

If anybody has any questions, please reach out to me with them. Thanks.

17 Likes
#2

@trust_level_0

3 Likes
#3

Very glad that I definitely use different passwords for different sites mhm

10 Likes
#4

i use passwords for different site but i have the one Common Password for sites that i need to log in to often
and ofc this is one of those sites :sob:

6 Likes
#5

i dont have 2fa on this but i use different passwords for everything so uh

8 Likes
#6

I don’t need 2fa. Mods will know to Han me if I start typing grammatically correct with correct spelling

6 Likes
#7

i mean to be brutally honest I wouldn’t be mad if you re-used a password on FoL on other sites that basically don’t really matter like MU or whatever

the potential damage to you if your FoL account is hacked is just super low tbh

but you really should make sure to use different passwords for stuff like bank accounts, and also 2FA on anything even remotely important

8 Likes
#8

fuck meeeee

2 Likes
#9

let me see what password i use here 1 sec

1 Like
#10

not the right thread for that

5 Likes
#11

thank god i only have a random alt email associated with this site lmao

4 Likes
#12

again if you aren’t already using a password manager just consider this a very friendly reminder that if some rando online forum getting hacked could expose your entire bank account that is BAD and you should start using 2FA and a password manager :slight_smile:

3 Likes
#13

i have the organizational skills of a raccoon so this is A Bit annoying for someone who struggles to password but like
even i know that having 2fa for all of my important stuff is important
thats why i dont have 2fa here :3

8 Likes
#14

I feel like 2fa is overkill for such a random site

3 Likes
#15

inclined to agree

but we have it forcibly enabled for Mods/Admins to help prevent any issues in future

5 Likes
#16

That’s understandably cuz we don’t want noobmaster69 to log onto your guys accounts and potentially look at things they shouldn’t

2 Likes
#17

at the end of the day though your data is in our hands here and so how much you do or don’t value it is ultimately irrelevant

3 Likes
#18

if people want my data they have better ROI by just asking me for it

5 Likes
#19

it’s on us to keep it safe and in this instance we have not

we’ll figure out why, fix that, and move forward better for it

1 Like
#20

isn’t this discourse? how is it your guys