Special Statement: Concerning Overnight TSSZ Intrusion

Special Statement: Concerning Overnight TSSZ Intrusion

by September 20, 2017

Late Tuesday night into Wednesday morning, TSSZ was subject to an intricate and malicious attack that impacted our uptime for the balance of the day.

Without revealing critical details, the intruder managed to exploit our backend interface and upload malicious code through our server. We do not believe the code in question was executed.

This afternoon, amid a fresh install of our software, I searched and deleted any files that appeared suspect. A thorough security scan returned a clean record. For that reason, we are back online and operational. We have no reason to believe malicious code infected any of our visitors. Still, if you have visited TSSZ since Monday, September 18th, we urge you to run a virus and malware scan on your computer as a precaution.

No personal data was exposed nor stolen. For your reference, please know that the only personal data seen on our backend are email addresses, and the IP from which you post a comment. In addition, no data critical to the site was deleted. Our thousands of stories–including news published the afternoon before the attack–remain untouched.

I personally have reinforced our site’s security checks in the wake of this attack, and am looking into ways to continue to strengthen our backend and secure what you see every time you visit TSSZ. The safety and peace of mind of you, our dedicated readers, is of paramount priority. No one should ever have to worry about browsing a Sonic the Hedgehog and Sega focused website.

One of those initiatives will be seen in the coming weeks and months: A new design and way to read the news on TSSZ. We have had this paired down, simplistic look for just over two years. While I initially thought it would speed up the experience and put our news front and center to you, it is now clear to me our current look and the porous code behind it has left us slow and vulnerable.  I intended to launch a new look to coincide with the launch of Sonic Mania, but the target date could not be hit. Last night’s attack puts more urgency on me to update, and be assured we will do so in time for the launch of Sonic Forces in November–if not sooner.

While there is no indication this attack originated from within our community, as was the case the last time this site was attacked, it remains my intent to seek all appropriate remedies for this illegal and malicious intrusion through law enforcement.

In the meantime, if you notice anything suspicious on the site–even if loading feels especially slow–please get in touch with us on Twitter so we can investigate at once.