On August 3rd 2018, we noticed some issues with our server, specifically on the public UU forums. On August 9th, I discovered evidence of an attack and unauthorized access to data on our servers and in our databases. The attack was primarily focused on the UU forums, but the attacker may have gained access to other services we provide as well including UU+, the UU Marketplace, and Island Music Network.
What information was involved?
The information that may potentially have been accessed include, Names, email addresses, and hashed passwords, private messages sent through the UU forum, ip Addresses.
NO credit card information for UU+, Marketplace, or the UU Forum was accessed as all transactions are processed securely via a 3rd party. We do not store credit card information on our servers.
Was it fixed?
Once we became aware of the attack, I searched for and removed the malicious code from the website. I contacted the security services we employ for our servers to run multiple anti-virus, anti-malware scans of our servers. All of which came back clean.
A vulnerability of our sites was that we were hosting multiple applications on a single server. We now have separated the applications to their own respective installations and any potential future attacks will be siloed and not affect other services we provide.
What we recommend you to do:
If you signed up for or created an account on any of the following sites prior to August 9 2018 (ukuleleunderground.com, forum.ukuleleunderground.com, market.ukuleleunderground.com, islandmusicnetwork.com) we recommend the following:
- Change your password for your Ukulele Underground Account (or other affected service).
- If you used your Ukulele Underground Account password for other services, change those passwords as well. (I recommend using a password manager to create unique passwords for every service you use online). If you already use a unique password for all online services, you are fine just changing your UU passwords.
- Avoid clicking on links or downloading attachments sent by suspicious emails
- Do not send money to anyone threatening you with your information via email.
What are hashed passwords?
Hashing is a method of securing passwords by converting user submitted passwords into long strings of random characters before saving to a database. This makes it incredibly difficult (but theoretically not impossible) for someone to decipher.
What are you currently doing to ensure the security of my?
We have siloed each application to its own server which prevents cross contamination. We scan our servers daily to cross check for malicious activity.
We have cut down the number of admin accounts that have the ability to install software on the servers.
How did the attackers get in?
Evidence appears to point to an attack on an old admin account for the forum which gave access to the admin control panel for the forum. This account has since been downgraded and does not have access to features used in the last attack.
If it was just the forum, then why is my UU+ / island music network account affected?
In 2017, we migrated all of our websites to a new VPS provider. Upon migration, the applications were all installed into a single control panel. They have now been separated and are running independently of each other.
I canceled my UU+ account am I still affected?
Unfortunately yes, when you cancel a UU+ account, your username and password are still left in the database to allow you to easily return to the service.
How do I delete my account and all information?
Please contact support at firstname.lastname@example.org
How do I change my password in UU+?
after logging in, click the ‘my account / profile’ link in the UU+ dashboard menu
How do I change my password for the UU forum?
Click ‘settings’ in the top right corner of the screen. in the left column under ‘my account, you will see a link to edit your email and password
For all other questions and concerns, please contact us.
We sincerely apologize and will do our best to prevent this from happening again.