MyAnimeList.net


Recent MAL Security Issues

This topic has been locked and is no longer available for discussion.
 
#1
10-02-11, 3:56 AM
Forum Moderator
Joined: May 2008
Posts: 4363
Some of you may have noticed that dozens of MyAnimeList accounts have recently been compromised, including some high-level moderator accounts. We have restored control or locked these hacked accounts and are working around the clock to minimize damage and prevent future attacks. We apologize for any inconvenience that these events may have caused.

Because high-level accounts were compromised and passwords can be stolen just from viewing certain pages, there is a possibility that your own account information may be insecure. There are several actions you can perform to minimize the chance of any damage occurring to your profile or list:

  • If you feel your account or a friend’s account has been compromised, please use the report function, or go onto our IRC channel, #myanimelist (web client) and contact a staff member.
  • Back up your list by using this page to save an export file.
  • Change your password regularly using this page or your profile settings, and verify that your email is correct and current.
  • Use a proper internet browser that supports script blocking extensions (i.e. Opera + NotScripts, Firefox + NoScript). Disable third-party JavaScript if your add-ons support it.
  • Block the following domain in your browser or security blocklists: http://www.rolli-bolli.de/*

Compromised accounts have generally been defaced or used for spamming and impersonation. If you suspect your account has been hacked, change your password immediately, and contact a moderator so they can temporarily lock or reset your account.

If you see any unusual comments or forum spam, do not reply or even view the posts if possible since they may contain password-stealing code. Change your password immediately if you suspect you’ve visited a malicious profile or post. We actively remove spam but there may still be posts around. Investigating on your own will likely just make you an easy victim. Please let us know about any hacked accounts/defaced clubs, but let a moderator handle it after that. We will do our best to restore any lost data, but prevention is your best defense. If you have any questions, feel free to log onto our IRC channel using the link above.
Modified by saka, 10-02-11, 4:54 PM
 
#2
10-11-11, 10:47 PM
Forum Moderator
Joined: May 2008
Posts: 4363
All has been quiet for the last few days. Xinil and Crave are confident that the vulnerability the hacker had been using is now closed, and MAL is now much more secure than it previously was. Still, if you encounter any suspicious behavior, please bring moderator attention to it using the report links.

During the rush to close vulnerabilities, it seems that the BBCode parser was broken. Because of this, you may notice straight HTML instead of BBCode when editing, and it will corrupt your edits of forum posts, profiles, comments, etc. If possible, avoid editing or previewing anything you enter in BBCode until the bug can be resolved. You should be able to post normally the first time, however.
 