altHUB under attack Friday 22nd March 2024 19:49:00


Since yesterday, 21 March 2024, altHUB has been under attack. Looking further into logs it looks as though what took our database load balancer offline was in fact a DDoS attack.

This has escalated to what looks like a credential stuffing attack against various altHUB users along with, potentially, email enumeration attacks (these are yet to be confirmed).

With the help of Cloudflare we've enabled additional measures to help mitigate the attack, but we cannot be certain that workarounds may still happen. We're monitoring this very closely. This may result in degraded performance across altHUB services; we're doing everything we can to remain stable. Please see a brief FAQ section below. Users are welcome to contact us with questions: https://help.althub.co.za/contact/

Has there been a security breach at altHUB?

No. We've thoroughly reviewed logs and can confidently say that there has been no security incident or breach on altHUB servers.

Why is this happening?

We aren't sure; typically credential stuffing attacks happen to take over accounts. We saw a DDoS attack once we blocked the initial attempt.

Have affected users been contacted?

Yes, along with accounts being disabled. Affected users are strongly encouraged to update their password, ideally from a password manager, and consider using a different email address.

Updates to follow.

We've made some changes to our login page as an immediate step to prevent issues like this from happening again. Users will now have to log in using their username.

All users have been notified with their accounts temporarily blocked.

We aren't seeing any further impact; however, the mitigations put in place via Cloudflare will remain while we work on improving our site to avoid attacks like these going forward.

Over the next few days we'll work on identifying every account that was impacted by this and notify them accordingly. To clarify, no security breach has taken place from altHUB. The attackers used an existing list of email addresses and passwords against our service. If you've re-used a password, have a weak password or just want to be cautious, we recommend updating your password and re-generating your API key as soon as possible.

Site performance has returned to normal.

The attack looks to have slowed, with our mitigating factors implemented last night at around 21:00 UTC. We'll continue to monitor; it looks like over the last 6 hours or so database performance hasn't been great.

We'll work on collating affected users to reach out to them.