Fur Affinity attack results in privacy violations
Fur Affinity users are demanding answers after intruders stole and posted private message histories of over 40 users, including site owner Dragoneer and several staff.
All regular administrative access has been removed, and Dragoneer says it will not be restored until all problems are found:
Until we're 100% sure that the entire admin backend is revised, checked, double-checked and triple-checked we're playing it safe
The leaked notes appear both authentic and comprehensive, dating back to 2005, and their contents are already the subject of widespread debate.
Many well-known members were marked as "deceased", had journals posted under their names, and had their galleries deleted during the attack. Screenshots from Fur Affinity's administrative forums, subsequently suspended, were also posted.
Initial comments suggested that a cross-site scripting vulnerability in the trouble ticket system was used to compromise an administrative account. However, it has also been suggested that passwords from the last week's Gawker database leak may have been used to gain access.
Update (21 Dec): Dragoneer has posted more information, confirming the trouble ticket issue but denying Gawker's involvement.