A semi-official update

All bs aside I wonder about that. No kind of computer guru but the way I read that, it said we had already been compromised and they could potentially have a list of usernames and passwords. In that case they might could hack any account you have that uses that same email and password combo. Someone else should read the update and try to make sense of it. I can't be the only person with reading comprehension here

Gullible is not a word in the dictionary

I am so fucking lost on my Michigan news. Do we have team boards on here?!?!

This isn't news exactly but Michigan football sucks

From a person known as "Brad Layne" on Facebook:

"Here's where we're at guys, long and nerdy, but basically our old servers had a vulnerability related to our three internal server trees. This stemmed from a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure our information (though not particularly valuable unless you didn't back up the Fappening).
Essentially it allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users. And that's what someone, but not Wonald!, did. Vulnerabilities in single software or library come and go and are fixed by new versions. However this "bug" has left large amount of private keys and other information exposed. Considering the long exposure we have to start with a completely new system because compromised security keys allow the attacker to decrypt any past and future traffic to the protected services and to impersonate the service at will. Allowing them to do this again and again. Any protection given by the encryption and the signatures in the X.509 certificates can be bypassed. Recovery from this leak requires patching the vulnerability, revocation of the compromised keys and reissuing and redistributing new keys. Even doing all this will still leave any traffic intercepted by the attacker in the past still vulnerable to decryption. So that's why we're starting from scratch. All this has to be done by the owners of the services and they're eight stories tall and crustaceans from the paleozoic era. They're gonna need about tree fiddy."

Well past due update:

So our database got fucked. Then we tried to re-load from our backups, all like 15 of those were fucked. The virus apparently spun the shit out of our disks and just corrupted the hell out of all of our data. I have an idea who did it now.
So we are going to try to hire a data recovery company to get as much as possible back. I don't have an ETA as I just got through to them and we will see how long and much it will be.
Sorry guys, this really does suck and its beyond frustrating for everyone I know. But if we can get at least most of the data back we should be much better moving forward.

Hopefully these guys take over soon as I'm opening a new store next week and the timing isn't great on doing both.

Did they take my post count?