Boiledbeans

Drama! Intrigue!! Geekiness!!!

Saturday, November 3, 2012

Security news + future site updates

—srikanth @ 03:29

Some of you may have noticed that the site was down for a couple of hours earlier today. This was unscheduled downtime: we found some security issues on the site today and cut off access to the site to make sure nothing serious had been affected. Possibly, one or more of the WordPress plugins we run were compromised and we had some malware resident on our servers. To the best of our knowledge, none of this code was ever executed. Even if it was, we believe that at best it may have been someone poking around trying to find issues on our site, and we don’t think they found any.

We have cleaned up all traces of it for now, and we will continue to take down and test parts of the site over the next couple of weeks to ensure that everything is clean. You may see significant look/feel differences, and parts of the site may be down temporarily as we try to clean them up. Consider it a much-delayed spring cleaning :)

At this point, we have a few requests for you folks:

Please do not reuse usernames and passwords across websites! This is the only major data loss possible via Boiledbeans, and we try our best to ensure that your data is safe/secure. We don’t store any sensitive information from you, except your usernames and email addresses. Your passwords are stored hashed/salted too, so we have no way of seeing them. You can never be too careful with data privacy on the internet, and we want to ensure you’re even more paranoid than you think you have to be :)

Let us know if any of the bits of our site are broken! This is usually a very simple way for us to figure out that something’s changed or broken and we can get things fixed immediately. It may even point to larger problems - like malware that’s managed to actually affect something. In case this is something we have ‘scheduled’ or broken on purpose, we’d still love to know.

Flag any spam/senseless comments that you see! Sometimes our spam filters let comments through. Some of these spam comments seem to be from various bots poking around and probing for vulnerabilities, and trying to dump malware on the site. If you see any of these please do let us know.

As always, we’re available at [email protected].

Thanks for your help in advance, and happy quizzing!