« Updated: Cligs Got Hacked - Restoration from Backup Started
Restoration Update »

Hack Update: Backup saves 93% of hacked URLs

A little update and more details and answers to questions:

Most important thing: your passwords are safe. They are stored encrypted and were never at risk in this attack.

What’s going on: I’m using this opportunity to move to the new Cligs system as it’s pretty much ready. As we speak and since last night, the data is being imported into the new database. It’s going well, but is slower than we want. Assuming all goes well, I’m guessing we’ll be ready by tomorrow at some point, but could take longer. Remember that’s moving millions of URLs. Once the URLs are moved, a DNS change will be triggered along with a live-sync system (that’s another post) to move to the new platform.

All told, we’ll be on the brand new system with all the data by the weekend. Also, the upshot is that the cleaned up redirects will not be visible until the new system rolls out.

More numbers because, well, we like analytics like this (it’s kinda the purpose of Cligs):

  • 2,188,978 URLs were edited in the attack (that’s the 2.2 million number I quoted earlier).
  • Of those, 2,180,484 have not been deleted or disabled. (Remember when Cligs deletes a clig, it leaves a stub that remembers the actual clig so that it’s not used again in the future.)
  • Of those, only 161,232 are not in the backup. That’s only 7% of the affected URLs. Not bad all things considered. Users will be able to edit those eventually and I’m happy to work with users wishing to do bulk updates to their accounts; details of this process will come after the move completes (one step at a time).
  • These 161 thousand, 95,123 (59%) are not associated with a specific user account. Those are really lost forever, and will change them to redirect to the Cligs home page.
  • Of the 161 thousand that are associated with user accounts (i.e., the remaining 41%), only 2,268 user accounts are affected. This represents a small percentage of the total number of active accounts. Most accounts have a tiny number of cligs affected (the distribution is a classic long tail).

I’ll keep you updated as things progress.

This entry was posted on Tuesday, June 16th, 2009 at 9:01 pm and is filed under Cligs News. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Reply