As of October 10th I was made aware of a drop of FA data that was stolen in the May attack of 2016.
You know the attacked that resulted in user accounts being broken into, the reset of everyone's account not to mention the roll back of the server by a full week.
Yeah that attack, it seems the hackers have gathered much more data then was previously thought or reported by site staff, turns out that the Trouble Tickets have just been released as of September 30th 2016, this drop was discovered by my friend redacted who showed it to me, I then looked it over for myself, what I discovered is that there is sensitive data within the Trouble Tickets.
Yup that's right, you read it right, many users have submitted to staff their personal information the have included ID's, DL's, and possibly passports with several of this links still working to link to images of people with their form of identification.
I realized very quickly that this was a huge issue for the community, we all knew that hackers had gotten passwords and usernames from the hack, but we didn't know what else they grabbed if anything, as it turns out that grabbed quite a lot, using the intelminer link provided above you can download the .jsons files for tickets and open them in a notepad, these tickets go back years, at least back as far as 2012, maybe much older, so years worth of links to people getting their accounts age un-locked by submitting images of their photo ID.
I quickly decided that Staff have to be made aware as well as the sites users, I opened a trouble ticket on the 10th of October when I first discovered these Tickets were legit, discovering my own tickets listed in them, as well as my own suspensions listed in the suspension list.
In the screenshot you can clearly see Dragoneer state they are looking into it, but quickly closes the Ticket regarding the issue as being dealt with, I responded first asking if he would let users know, expecting a rather quick response due to the ease of confirming if Tickets are actually Tickets from the site, I waited a day before I commented again letting him know I was reopening the ticket until he actually did something about it to address the user base and inform them as well as leaving shouts on his page.
He ignored them for days, during the time I began to warn users who's info I discovered via notes and my own Journal of the TT leaks, being sited and having my journal removed several times for "COC" infractions, like telling users to make journals and warn other, even to message Dragoneer about it, I edited these points and re-posted the journal with a footer directed to staff.
I got a hold of several users who's info is still up last I checked, one user told me they didn't care and posted a journal about such.
Shortly after I was suspended for 3-4 days for "harassment" to staff for leaving shouts and "acting hostile" when staff removed shouts from their page.
I had enough, it had been days since Dragoneer responded and was clearly trying to make all efforts to warn users as hard as possible on me to give me to give it up, so I resorted to Twitter, uploading a series of screenshots I had taken as a precaution should Dragoneer go back to trying to hide things to prevent a shitstorm, I ended up also creating an image to highlight what was in the ticket leaks, my tweet is linked below
After some time I Tweeted at FATransparancy and they helped get the word out to their followers, I had previously worked with several on FATransparancy in the past regarding the "Renashe leaks" and knew I could trust them, it was around this time that a user on Twitter asked me if I had made an account by the name of 404anonymous, I looked into what they were doing while logged out, I discovered they were trying to warn users as well, it was a freshly made account by someone, they had uploaded my image of the user Pupdude's ID leak as well as making their profile info and journal just a list of links I had supplied on twitter, the account appears to have watched people very rapidly to attract people to their page before being very quickly banned in about an hours time, with all their info and posts being removed, I have included the link to the account as well as a screenshot just shortly after the account was banned.
They appeared to have limited success, several shouts thanked them for the warning, others being completely oblivious and just thanked for the watch, seemingly too self absorbed in themselves.
I am still trying to reach out to whomever created that account to ask them what was the reason given for their swift ban, with no success on that front as of the time of this post, it's been 6 days now and am due to be un-suspended shortly and still Dragoneer has yet to address the community regarding these leaks.
I decided that enough was enough, I have since filed a complaint with my attorney general in California, the staff have not filed a report with the attorney general and thus have not fulfilled their legal obligation according to CA law on data breech reports.
As a further note and update to this story, shortly after being un-suspended I was then banned, while my account on FA states I was "suspended" I can assure you I was in fact banned, staff seem to think I have or had some connection with with the account of 404anonymous that was banned shortly after creating an account and posting the info I released on Twitter,
I've sent them an email asking what evidence they have to prove their claims, I know I didn't create that account so I'm looking forward to hearing it.
It's also come to my attention that anyone on the site reporting about the leaks as had their Journals taken down and promptly suspended or possibly banned, like myself.
FN version with included images https://beta.furrynetwork.com/journal/3942/
As a note to the staff here on weasyl I will be happy to edit my Journal should anything be of issue regarding the TOS or COC of the site, I just wish to spread the word to the user base of FA about these leaks since FA staff are now clearly trying to suppress and hide the fact.