DrawQuest was launched by Chris Poole, aka moot, the founder of 4chan, back in February 2013. However, after less than a year, in January 2014, Poole announced that his startup had failed.
A few days later, the DrawQuest Team announced that it would try to keep the service running for as long as it could. They’ve managed to do it until now, when cybercriminals compromised “the entirety of DrawQuest.”
“The person(s) used our account to order hundreds of expensive servers, likely to mine Bitcoin or other cryptocurrencies. When we detected this activity, we immediately locked down the account,” the DrawQuest team announced in a blog post.
“Unfortunately we have no way of knowing what, if any, information was accessed by the attacker(s). It’s possible they only used our account to order servers, however it’s also possible they accessed our database, and thus user e-mail addresses, encrypted passwords, and other information,” it added.
Since the company doesn’t have any full-time employees, it’s impossible to repair the damage. As a result, DrawQuest has been shut down.
While there’s no evidence that the attackers targeted DrawQuest users, and while the passwords are properly encrypted using bcrypt, customers are advised to change their passwords as a precaution.
The company has promised to offer a downloadable archive of all drawings, but it’s uncertain when it will become available. It could take weeks or even months.
“It’s a very upsetting end to a long journey. Words cannot describe how crushed, embarrassed, and sorry our team is. Although all of our former employees have moved on to roles at other companies, it can safely be said that DrawQuest and the community occupies a large part of all of our hearts,” the message from the DrawQuest team reads.
“We’ll do our best to facilitate DrawQuesters finding a new home by linking to new forums/apps on our social media pages, and are truly sorry such a wonderful community had to go this way.”
This is actually the second time one of Poole’s projects gets hacked over the past month. In late April, he revealed that someone had managed to breach 4chan. At the time, the attacker apparently wanted to expose “multiple abuses of power and violations of proper mod stewardship.”