2 posts tagged with "security"

Database Export Security Issue Disclosure

Hi larp community! A thing happened that we should tell you about. You're receiving this because you've logged into at least one convention website running in NEIL Hosting (Intercon, Be-Con, Festival, Bubble, etc).

While reviewing the code in the Intercode open source project, we discovered a backup of the Intercode production database. This backup was publicly available for about 6 weeks between September 18 and November 3, 2022.

We do not store payment card data in this database. In addition, we use industry-standard password hashing to protect passwords. Nevertheless, we recommend that you change your password as a precaution. To change your password, please visit: https://www.neilhosting.net/users/edit

We do not have any evidence that this data was accessed, and we have taken steps to remove it from the Internet. However, we also have no way to prove that the data was not accessed.

GraphQL Cross-Domain Security Issue Disclosure

Hey all. This thing happened we should tell you about.

While performing platform upgrades, we found a bug in Intercode, the website code used by conventions such as Intercon. It has since been fixed.

This bug created an exploit where people with leadership access to one Intercode convention could use certain permissions on any convention. As a reminder, not even admins have access to your passwords or financial information.

Due to the technical complexity of accessing the exploit and the small number of people who had the permissions required to take advantage of this, we don’t think it was used, but can’t prove it.