Archive server breach follow-up
Posted: 2019-07-12, 11:12
With the help of some of our community members, we've been able to narrow down when the data breach occurred to a much more recent date: Somewhere between April (last known good state) and the start of June (when the server's usability was destroyed) in 2019. It also makes a lot more sense this way as obvious infections would not go unnoticed for such a long time, normally, which was a very puzzling notion. The infection dates and times were obviously forged.
This makes the actual risk for users who have downloaded from the archive server much less with the much smaller timeframe.
Only old versions were infected, which either means this was on purpose or the hackers got interrupted. With the short timespan after before the server became inoperable, it's likely they returned, doubled down, and destroyed the server to the point of non-bootability to hide their tracks.
Please, still do treat anything you downloaded from archive.palemoon.org before with care. In case of doubt, delete the installer and fetch a fresh copy from archive.org or the newly set up archive server. As always I do recommend you only run the most recent version of Pale Moon to keep your browsing a safe experience.
This makes the actual risk for users who have downloaded from the archive server much less with the much smaller timeframe.
Only old versions were infected, which either means this was on purpose or the hackers got interrupted. With the short timespan after before the server became inoperable, it's likely they returned, doubled down, and destroyed the server to the point of non-bootability to hide their tracks.
Please, still do treat anything you downloaded from archive.palemoon.org before with care. In case of doubt, delete the installer and fetch a fresh copy from archive.org or the newly set up archive server. As always I do recommend you only run the most recent version of Pale Moon to keep your browsing a safe experience.