IMPORTANT: All MOULa Users

[Tsar Hoikas]

FYI. All MOULa users. It has come to my attention that the administrator of the "Minkata" testing shard has been retaining your accounts passwords in plain text. This is a major violation of trust and security. Please be sure to secure all your accounts for banking and other websites by changing their password. I further encourage you to discontinue usage of this clearly insecure platform.

[Tsar Hoikas]

My understanding is that, at this time, account registration is disabled on the affected service. Advice remains to change any affected passwords.

[CalumTraveler]

To preface: i'm not happy that this was happening either.

For further information, it appears that the affected accounts are only those recently made, or having tried to change passwords. Existing accounts before this point that did not request a password reset never had their passwords exposed in this specific way. The main issue really seems to be that the way that account creation was recently setup after an update was not as secure as it should have been- resulting in errors cropping up when accounts were being made or modified through the webservice, resulting in passwords being saved in plaintext in a supposedly temporary error document. As previously mentioned, account creation is shut down for the time being until it's fixed.

As far as I'm aware this should not affect a wide majority of users, but that said: Definitely reset your passwords if you share them across platforms and services, especially if you recently tried to make a Minkata Account or requested a password reset.

[CalumTraveler]

The security issue and the errors in account creation have been reported as fixed, and account creation for Minkata is back online. We'll keep eyes on it just incase there's further issues.

[Emor D'ni Lap]

Thanks for the update on that, Calum.

For the record, rarified's explanation of the situation is here: https://forums.openuru.org/viewtopic.php?p=10114#p10114