QuackDuck
Programmer
At an attempt of being as transparent as possible I'm going to share what exactly happened as of this early morning (for me).
Our caching servers broke. If you don't know what caching is let me explain. If not you can skip past this paragraph. Caching is simply a method of optimising the site, this works by creating a local file with your data compressed into a page. If nothing is updated we don't update the file (this saves our servers power as we don't need to keep requesting a new data set.)
As of this morning it malfunctioned and didn't separate people's data. Instead everyone's was updated with the last active persons session. That's why when you went on the site for the first time the next few bunch would login as you. So instead of finding the correct user it just saved everyone's in everyone's areas and kept with that.
This sadly also gave people a login token (which is a unique cookie updated on every login you do) which essentially remembers you. This token was being replaced by the website causing you to additionally login and be able to perform actions this user could do).
Any abusers not respective enough that breached other users privacy will be banned and are being banned. This was not an attack just merely a mistake on something we cannot control.
Our caching servers broke. If you don't know what caching is let me explain. If not you can skip past this paragraph. Caching is simply a method of optimising the site, this works by creating a local file with your data compressed into a page. If nothing is updated we don't update the file (this saves our servers power as we don't need to keep requesting a new data set.)
As of this morning it malfunctioned and didn't separate people's data. Instead everyone's was updated with the last active persons session. That's why when you went on the site for the first time the next few bunch would login as you. So instead of finding the correct user it just saved everyone's in everyone's areas and kept with that.
This sadly also gave people a login token (which is a unique cookie updated on every login you do) which essentially remembers you. This token was being replaced by the website causing you to additionally login and be able to perform actions this user could do).
Any abusers not respective enough that breached other users privacy will be banned and are being banned. This was not an attack just merely a mistake on something we cannot control.