At some point recently, Zebra Huddle was the victim of a code injection exploit. The code injected opened a malicious website in an iframe. We believe we have cleared the issue up at this point, but are continuing to look into where the weakness exists that allowed the malicious code to be injected.
From what we are able to tell, the purpose of this code was to get malicious software installed on visitors computers. If this happened to you, I sincerely apologize. If you aren't sure, I will give you some information below about how to check for these things.
We don't believe that this attack was attempting to collect passwords. However, I want to recommend that each of you change your passwords, just to be on the safe side.
I will be checking and making sure that you have to be logged in to post to the site in as many places as possible, to avoid this in the future. I will also be looking into making it harder for bots to register, which will, unfortunately, make it more annoying to register for an account. I was trying to avoid that, but it is becoming a necessity.
A little bit of information about protecting yourself and checking for malware.
One of the best pieces of software for detecting malware is Malwarebytes (
www.malwarebytes.org). There is a free version which will scan your computer for malware, but does not actively monitor for incoming threats. The paid version will actively monitor.
Malwarebytes is windows only. Mac and Linux users, feel free to chime in with suggestions for those platforms, although the probability of the malicious software affecting Mac or Linux users is very low)
Because I suggested changing your password, I would also like to recommend LastPass (
www.lastpass.com) It allows you to have a different, highly secure, password for every site, while only having one password to remember. It works on Windows, Mac and Linux, as well as almost all mobile platforms. Mobile device support is a premium (paid) feature.
Now, hopefully, back to business as usual.
