You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I have been self-hosting revolt for a while now, always only exposing the website, api, january and autumn to the internet. Other sevices like mongo were hosted behind a docker virtual network with no ports linked to localhost or internet.
Updating revolt today, after not touching it for a few months, revealed that my revolt DB was gone. Inspecting the container with mongosh shows the following:
READ__ME_TO_RECOVER_YOUR_DATA> db.README.find()
[
{
_id: ObjectId('677dd540b44cd9b314b4cc0f'),
content: 'All your data is backed up. You must pay 0.0041 BTC to bc1q8***********************em In 48 hours, your data will be publicly disclosed and deleted. (more information: go to http://********** paying send mail to us: *********@onionmail.org and we will provide a link for you to download your data. Your DBCODE is: ********'
}
]
I censored most of the information in case the data is publicity available, that could include accounts, messages, and password hashes, I guess?
Anyway, I am not very mad, the data was mildly sensitive and backups helped me get back right before the incident. This is more of a prevention than a rant, do whatever you want with this information.
Note: it seems that the VPS revolt was run on did not suffer any other damage than the mongodb container itself.
The text was updated successfully, but these errors were encountered:
What happened?
Hello,
I have been self-hosting revolt for a while now, always only exposing the website, api, january and autumn to the internet. Other sevices like mongo were hosted behind a docker virtual network with no ports linked to localhost or internet.
Updating revolt today, after not touching it for a few months, revealed that my revolt DB was gone. Inspecting the container with mongosh shows the following:
I censored most of the information in case the data is publicity available, that could include accounts, messages, and password hashes, I guess?
Anyway, I am not very mad, the data was mildly sensitive and backups helped me get back right before the incident. This is more of a prevention than a rant, do whatever you want with this information.
Note: it seems that the VPS revolt was run on did not suffer any other damage than the mongodb container itself.
The text was updated successfully, but these errors were encountered: