XSS attack! – We are back :)

1 min read

Hey Guys,

As some of you may have noticed, there has been an xss attack on our site since yesterday. You may find that your profile data has been changed. We are trying to restore this. To prevent further problems we are taking the site down.

We apologize to our users for taking the site down in the middle of the contest. On a brighter note, this gives us an opportunity to make ourselves stronger. 🙂

We will be back soon.

UPDATE: We are back. We apologize for the prolonged downtime. We have tried our best to restore your data back and ensure that this does not occur again. However, we have not been able to update a few of your profiles, whom we request to update manually.

Please send a mail to feedback@codechef.com in case you still face any issues or suspect any malicious activity.

The contest will be extended to make up for the lost time.

Keep watching this space to know what actually transpired.

Team CodeChef

Going For Gold: Meet The IOI 2020 Singapore Finalists…

The 32nd International Olympiad in Informatics is upon us, and now we know the names of the young, Indian coders who made it to...
2 min read

A Learning Program That You Always Wanted!

tl;dr: CodeChef is launching live courses on Competitive Programming, taught by the most passionate competitive programmers, and helped by a great team of teaching...
3 min read

We Expanded Our Kitchen With A New YouTube Channel!

Since the beginning of time, we have aimed to provide various learning opportunities for the community. For the last 11 years, we have done...
2 min read

13 Replies to “XSS attack! – We are back :)”

    1. It was taken off-line only to prevent the users’ data from being tampered. We are restoring back the data of as many users as we can. We will be back soon. Also the contest will be extended.

        1. I agree to CoolRavi.I think it is dangerous, because I also connect Facebook account to Codechef. If hacker get my auth token, he can steal my facebook info and give to malicious party. If Codechef cannot explain why XSS attack happen and if it can happen once more, I don’t think it is safe for me or any other programmer. It is bad that Codechef cannot find root of such bug. Please tell me how to delete account. I try hard to find, but not find any way of deleting Codechef.

          1. There was a security loophole in the site that the hacker exploited to change the data of some users. The loophole allowed the hacker to attach Javascript code in the input fields on the profile page which when rendered was executed. It was a standard XSS attack and it is a bit of shame for us to harbor that loophole for so long on our website. We apologize for the inconvenience caused to you all. It has been fixed now and we can assure you all that your data is safe with us.

Leave a Reply