XSS attack! – We are back :)

1 min read

Hey Guys,

As some of you may have noticed, there has been an xss attack on our site since yesterday. You may find that your profile data has been changed. We are trying to restore this. To prevent further problems we are taking the site down.

We apologize to our users for taking the site down in the middle of the contest. On a brighter note, this gives us an opportunity to make ourselves stronger. 🙂

We will be back soon.

UPDATE: We are back. We apologize for the prolonged downtime. We have tried our best to restore your data back and ensure that this does not occur again. However, we have not been able to update a few of your profiles, whom we request to update manually.

Please send a mail to feedback@codechef.com in case you still face any issues or suspect any malicious activity.

The contest will be extended to make up for the lost time.

Keep watching this space to know what actually transpired.

Regards,
Team CodeChef

12 Happy Years, The Chef Is A Big Boy…

It’s official! The Chef has turned twelve, and we have to admit that it’s been a marvelous journey so far. Alongside an extraordinarily supportive...
anup
3 min read

The February Cook-Off Is Cancelled

Hey CodeCheffers, as you may know the past couple of short contests that we have hosted had a few glitches, which caused contests to...
riddhi_225
1 min read

Starters – The Newest Contest In The CodeChef Universe,…

11 years ago, when CodeChef broke into the programming scene in India, we were just novices with a dream to build a thriving programming...
debanjan321
2 min read

13 Replies to “XSS attack! – We are back :)”

    1. It was taken off-line only to prevent the users’ data from being tampered. We are restoring back the data of as many users as we can. We will be back soon. Also the contest will be extended.

        1. I agree to CoolRavi.I think it is dangerous, because I also connect Facebook account to Codechef. If hacker get my auth token, he can steal my facebook info and give to malicious party. If Codechef cannot explain why XSS attack happen and if it can happen once more, I don’t think it is safe for me or any other programmer. It is bad that Codechef cannot find root of such bug. Please tell me how to delete account. I try hard to find, but not find any way of deleting Codechef.

          1. There was a security loophole in the site that the hacker exploited to change the data of some users. The loophole allowed the hacker to attach Javascript code in the input fields on the profile page which when rendered was executed. It was a standard XSS attack and it is a bit of shame for us to harbor that loophole for so long on our website. We apologize for the inconvenience caused to you all. It has been fixed now and we can assure you all that your data is safe with us.

Leave a Reply