I know it's against EG policy but maybe testing some code before vomiting it out onto here might be a good idea.
Apologies for the delay in responding to this thread. We've been looking into the problem and I can report the following:
- During the Microsoft E3 livetext, our servers were under considerable pressure. We had a team on hand all night to tweak server configurations to keep the site working.
- At one point a new Varnish (https://www.varnish-cache.org/about) configuration was deployed to our live servers which incorrectly supplied an authentication cookie for a single user account to all page requests. This meant several people were logged on as a single user named "BulletApe".
- This problem was quickly spotted, and a new Varnish config was deployed to stop the problem from spreading to more users.
- The issue affected any users who made page requests between 23:12 and 23:24 on 10th June. Everyone else remains unaffected.
- This morning I decided to globally invalidate all active logins to force everyone out of the single account. This means you would have been logged out earlier this morning. Sorry about that.
- The small number of users who were logged in as BulletApe had no access to his password, but could have edited his profile and posted as him.
Obviously this sort of thing should not happen, and we're reviewing our live deployment process to try and catch this sort of mistake before it happens again. If you want any more information, please feel free to ask.
I came in like a wrecking ball. Yeah, I just closed my eyes and swung. Left me crashing in a blazing fall. All you ever did was wreck me. Yeah, you, you wreck me.