LASACTF - Security breach - Please read the contents of this email. View this email in your browser Dear LASACTF Competitors,



We must regretfully inform you of a security breach that has occured on our website. A brief explanation is below, and we plan to send more details in a follow-up email. If you use your LASACTF.com password on other websites, we recommend that you change the password on each relevant account.



At approximately 2 PM CDT Tuesday, March 22nd, a dump (text file) containing critical LASACTF data was posted to the competition chat. This was a snapshot of the entirety of the LASACTF database, which included usernames, emails, first and last names, city/state location information, and hashed and salted passwords. Please note that the hashed and salted passwords do NOT contain plaintext password information - we used the bcrypt algorithm to hash and salt each password. This means that a malicious attacker would not immediately have access to a password, but could possibly determine the password through a time-consuming brute-force attack.



We are currently investigating the nature of the attack. At this point, we do not know whether we will be postponing or even cancelling the competition. We will keep you updated as we uncover more information and make decisions.



Again, we recommend that you change your login password on other web accounts if they share the same password you used to register with LASACTF. This is a precautionary measure to ensure that no attacker would be able to determine your password using the dumped information.



We would like to apologize for this security breach. We will keep you updated on any new developments.



Sincerely,

LASACTF Team