Import Message Regarding all past and present Ukulele Underground Accounts

rayan

Ukulele Underground Staff
UU+
Joined
Nov 25, 2007
Messages
2,391
Reaction score
56
Location
Kauai HI
Hello Ukulele Underground members,

In the spirit of transparency, I wanted to personally inform you of an issue that may potentially involve your account information at Ukulele Underground, UU+, UU Marketplace, UU forums, UU affiliates, and Islandmusicnetwork.com members.

What happened:
On August 3rd we noticed some issues with the server, specifically on the public UU forums. On August 9th, I discovered evidence of an attack and unauthorized access to data on our servers and in our databases. The attack was primarily focused on the UU forums, but the attack may have gained access to other services we provide as well including UU+, the UU Marketplace, and Island Music Network.

What information was involved:

The information that may potentially have been accessed includes, Names, email addresses, and hashed passwords, private messages sent through the UU forum, ip Addresses.

NO credit card information for UU+, Marketplace, or the UU Forum was accessed as all transactions are processed securely via a 3rd party. We do not store credit card information on our servers.


What we are doing:


Once we became aware of the attack, I searched for and removed the malicious code from the website. I contacted the security services we employ for our servers to run multiple anti-virus, anti-malware scans of our servers. All of which came back clean.

A vulnerability of our sites was that we were hosting multiple applications on a single server. We now have separated the applications to their own respective installations and any potential future attacks will be siloed and not affect other services we provide.

What we recommend you to do:

If you signed up for or created an account on any of the following sites prior to August 9 2018 (ukuleleunderground.com, forum.ukuleleunderground.com, market.ukuleleunderground.com, islandmusicnetwork.com)

1. Change your password for your Ukulele Underground Account (or other affected service).
2. If you used your Ukulele Underground Account password for other services, change those passwords as well. (I recommend using a password manager to create unique passwords for every service you use online). If you already use a unique password for all online services, you are fine just changing your UU passwords.
3. Avoid clicking on links or downloading attachments sent by suspicious emails


I sincerely apologize that this incident occurred and I know how stressful it can be to receive an email like this.

If you have any concerns or questions, you may email us directly at questions[AT]ukuleleunderground.com and we will do our best to answer any and all of your questions.

For more information, please visit:

https://ukuleleunderground.com/security-issue-faq/

Sincerely and humbly,
Ryan Esaki
co-founded Ukulele Underground
 
Top Bottom