Published on December 25th, 2016 | by Firestorm8
Nugget Bridge Update
As you are likely aware, Nugget Bridge was hacked earlier this month with passwords of many of our members released. Unbeknown to us, the attacker accessed our server in May 2016 and uploaded a shell to run phishing attacks from the site. In addition to that, he was able to modify our login form and used it to send what was inputted directly into a text file which is how he was able to release plain text passwords. This is also why the released list of accounts includes names and passwords that aren’t actual accounts at all but instead typoes. I would like to re-iterate that your passwords were not stored as plaintext as some have been insinuating. Invision Power Suite 4.0 uses Blowfish to secure your stored passwords.
This was the latest in a string of attacks against Pokemon websites by this individual. Earlier this year he hit Pokemon Showdown. Last year he attacked Pokebip, the largest Pokemon website in his native France, and then NASA.
If you have not already done so, we urge you to change your password on any sites that you used the same password on. We also encourage everyone to use a service like LastPass (this is now free to use and sync), 1Password, KeePass, or Dashlane to manage their passwords. This way all your passwords can be unique and synced across devices protecting yourself no matter which service you use is compromised.
Now, you’re likely wondering about the site especially given the format it’s back in and the last article date. Even before the hack, Nugget Bridge was languishing. Nugget Bridge would not be possible without all our awesome contributors, but it was also very much driven by its co-founders and senior staff members. With it being a crowdsourced platform, the administration team didn’t feel comfortable with keeping any of the funds raised, so it was run as a hobby website on the side. This worked well when we were either students or new grads but three years later this wasn’t the case.
Last Christmas, we launched a version of the site that could help solve some of the issues we had but time showed it went too far in the other direction. The filtering we did on the original site, though often complained about, ensured articles received the attention they deserved and the new system meant nobody felt their writing was being appreciated. There was no focus. A step in between that would allow us to continue to highlight written work without requiring as much of our resources is something we’ll need to tweak further.
In the meantime, what we have is an archive of Nugget Bridge’s published as it was at the end of 2015. Like most competitive Pokemon players, and most of the world, we’d prefer if 2016 never happened and we’re going to pretend it didn’t. More accurately, the safest way to go back up right now is to use a backup file from before May when the attack happened and though we have one, we don’t think that would be much better when the majority of players preferred this version of the site from just a few months before that. I have the backups of all the content on site and will be able to help recover articles you’ve written in case you don’t have it saved. The forums will be offline until further notice.
We believe a lot of good was accomplished when we operated the site at its peak in 2012 to 2014. We spearheaded a lot of strong communication between the community and Play! Pokemon to help improve the circuit. Our resources, by virtue of having the brightest minds in Pokemon creating them, were best in class. The Nugget Bridge Circuit has changed the online Pokemon tournament scene across the world. Though not without its faults, we are incredibly proud of what Nugget Bridge accomplished. Over the next while, we’ll determine the best way to proceed — whether that’s finding a balance that allows the site to operate without as much overhead or finally laying it to rest.