📢 Dear Users, Supporters, and the Media,
Promoted through our official YouTube channel ONLY ALOK, Photo Disk saw enthusiastic adoption from users excited about our high-storage, free-to-use solution.
⚠️ What Happened on June 21, 2025?
Early morning on June 21, our monitoring system flagged suspicious activity on our servers. Upon investigating several user profiles, we noticed that instead of regular photos, some accounts had uploaded malicious code disguised as image files.
🔍 After a thorough backend review, our team discovered unauthorized files such as:
- rr.php (See screenshot above)
- 21023ce.php
When we opened rr.php in the public domain, we were shocked — it was a backdoor panel labeled "One Hat Cyber Team", allowing anyone to edit, delete, or rename files on our server without logging in. This was a clear sign of a server-side script injection attack.
🛡️ Key Points & Our Response
- ✅ Only profile image uploads were compromised. No photos stored in our cloud storage system were accessed or stolen.
- ✅ Our team has already recovered all affected profile images and cleaned injected scripts.
- ⛔ We have temporarily shut down both the Photo Disk website and app to protect users.
- ❌ This breach was made possible due to vulnerabilities in the free hosting service (ProFreeHost) we were using — a major lesson for us.
- 🔐 We're now working on migrating to a more secure, premium hosting infrastructure with tighter upload and server-level protections.
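
For teams running a similar profile-image upload feature, the following added example (not Photo Disk's own code) audits an image-only upload directory for the kind of files described above: scripts saved under a PHP extension, double extensions, and script markers hidden inside files that begin with a valid image header. The function names, the accepted image types and the sample files are assumptions constructed for illustration.

```python
import os
import tempfile

# Magic-byte prefixes of the image types the endpoint is assumed to accept.
IMAGE_MAGIC = (b"\xff\xd8\xff", b"\x89PNG\r\n\x1a\n", b"GIF87a", b"GIF89a")
# Extensions commonly mapped to the PHP handler; any dot-separated part counts,
# so "avatar.php.jpg" is flagged as well as "rr.php".
SCRIPT_EXTS = {"php", "php3", "php4", "php5", "php7", "phtml", "phar", "pht"}
# Only the long open tag is matched, to keep false positives on binary data low.
SCRIPT_MARKER = b"<?php"


def audit_file(path):
    """Return the reasons a file in an image-only directory is suspect."""
    reasons = []
    parts = os.path.basename(path).lower().split(".")[1:]
    if any(p in SCRIPT_EXTS for p in parts):
        reasons.append("script-extension")
    with open(path, "rb") as fh:
        data = fh.read()
    if not data.startswith(IMAGE_MAGIC):
        reasons.append("not-an-image")
    if SCRIPT_MARKER in data.lower():
        reasons.append("embedded-script")
    return reasons


def audit_directory(root):
    """Walk root and map each suspect file's relative path to its reasons."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            reasons = audit_file(full)
            if reasons:
                findings[os.path.relpath(full, root)] = reasons
    return findings


def build_sample_dir():
    """Constructed sample data: one clean PNG and three suspect uploads."""
    root = tempfile.mkdtemp(prefix="profile_uploads_")
    samples = {
        "user1.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
        "rr.php": b"<?php /* placeholder, no payload */ ?>",
        "avatar.php.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,
        "photo.gif": b"GIF89a<?php /* placeholder */ ?>",
    }
    for name, content in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(content)
    return root
```

A scan like this finds files after the fact; it complements, rather than replaces, storing uploads under server-generated names in a directory where script execution is disabled.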
🎯 What’s Next?
- We will relaunch Photo Disk soon with upgraded security, better server protection, and more transparency.
- We urge our community and the wider tech world to treat this as a wake-up call.
- And to the "One Hat Cyber Team", we say this: You didn’t break our spirit — you only strengthened our resolve to build safer tech.
🗞️ Call to Action for Media & Tech Community
We respectfully invite the media and cybersecurity watchdogs to help spread awareness about this breach so other startups and developers can avoid such pitfalls. Let’s also bring public shame to hackers who target small, community-driven projects.