XSS attack! – We are back :)

1 min read

Hey Guys,

As some of you may have noticed, there has been an xss attack on our site since yesterday. You may find that your profile data has been changed. We are trying to restore this. To prevent further problems we are taking the site down.

We apologize to our users for taking the site down in the middle of the contest. On a brighter note, this gives us an opportunity to make ourselves stronger. 🙂

We will be back soon.

UPDATE: We are back. We apologize for the prolonged downtime. We have tried our best to restore your data back and ensure that this does not occur again. However, we have not been able to update a few of your profiles, whom we request to update manually.

Please send a mail to feedback@codechef.com in case you still face any issues or suspect any malicious activity.

The contest will be extended to make up for the lost time.

Keep watching this space to know what actually transpired.

Team CodeChef

Become A Leader For A Change In Your Campus

Twelve years ago, CodeChef boarded on a challenging yet rewarding journey to elevate the programming culture of India. The idea was to nurture a...
2 min read

CodeChef Announces New Prize Structure For Cook-Off & LunchTime

Participating in CodeChef contests doesn’t come without goodies, be it the redeemable Laddus or the prospect of rating up. Now it gets even better!...
1 min read

CodeChef Releases Its Annual Report Card For The Community…

The CodeChef’s Birthday extravaganza continues as we enter the last week of March. Throughout this month, we have been putting together all sorts of...
1 min read

13 Replies to “XSS attack! – We are back :)”

    1. It was taken off-line only to prevent the users’ data from being tampered. We are restoring back the data of as many users as we can. We will be back soon. Also the contest will be extended.

        1. I agree to CoolRavi.I think it is dangerous, because I also connect Facebook account to Codechef. If hacker get my auth token, he can steal my facebook info and give to malicious party. If Codechef cannot explain why XSS attack happen and if it can happen once more, I don’t think it is safe for me or any other programmer. It is bad that Codechef cannot find root of such bug. Please tell me how to delete account. I try hard to find, but not find any way of deleting Codechef.

          1. There was a security loophole in the site that the hacker exploited to change the data of some users. The loophole allowed the hacker to attach Javascript code in the input fields on the profile page which when rendered was executed. It was a standard XSS attack and it is a bit of shame for us to harbor that loophole for so long on our website. We apologize for the inconvenience caused to you all. It has been fixed now and we can assure you all that your data is safe with us.

Leave a Reply