The issue did not affect any Donut Team account, but we are reporting it here for transparency.
What was the exploit?
A misconfiguration in a piece of our server software allowed the Donut Team website to be embeded on to another website. This allowed malicious behaviors such as embedding our login page to another site and putting transparent text boxes over ours to steal usernames and passwords. This is known as Clickjacking.
We believe the issue originated during migration of the site to a new server.
To our knowledge, this exploit did not impact any Donut Team users, meaning no one's personal details or accounts have been stolen with this method.
Who reported it?
The person who has reported this issue has not given Donut Team the ability to publish their name. As such, we will omit this information unless they ask us to share it.
- Because this issue does not directly relate to the code powering the website, the website's version number will not increment.