SRB2MB Security Breach: What Happened, How We Fixed It, and How We’re Minimizing the Chance of It Ever Happening Again


But... Everyone just wants to do what -they think- is good and or right...
If only that were the case. Sadly it's actually a rarity



Yeen of corpulent size
Freaking hackers man...

At least y'all recovered the message board, even if that meant rolling it back to an earlier state.
I have now enabled 2FA on my account just to be on the safe side. (Didn't even know this forum had 2FA tbh, i always use 2FA where possible.)


Cobaltn't 's Unwanted Twin, The Sapphire Blur!
Thank god thats over with, now if ya'll excuse me i'll be continuing to make 1.5.4 and soon enough 1.6 after the second trailer of this upcoming direct!


Amelia 🏳️‍⚧️
This was totally something I did not expect to happen to this site like at all, having been in this game's community for 3 years and not seen anything like this made me think nothing like it would ever happen during my stay on the community.

Boy was I wrong.


yes, the most they could get out was potentially email address and the birth date you would have entered yourself, and chances are they didn't really acknowledge your existence and took notes of bigger names instead.

At least that's what SeventhSentinel told me when i asked, but it's safe to say that your passwords and whatnot personal info were inaccessible.

Still, this does serve as a lesson to practice good internet security, gain any status and it's just gonna get more likely that something like this happens to you.


Don't pointlessly bump threads. You don't have to post whatever comes to your mind.
Conspiracy Theory:

Nintendo hacked the servers.

Don't know why my mind thought of this but... okay
do we know if that email information was accessed or not (other than administrator accounts)? trying to get a read on whether or not i should consider my address to be leaked, leaning on "yeah this was a massive security event"
Last edited:


waiting for avatars to be fixed
do we know if that email information was accessed or not (other than administrator accounts)?
We don't know who was accessed, if at all. We just know that the permissions that the attackers had by then was the ability to see email addresses.

From a security point of view, it would be wise to assume all of them were seen. Like in pretty much any breach event, you know.

Who is viewing this thread (Total: 1, Members: 0, Guests: 1)