DrawAFish.com Postmortem — Aug 3, 2025 Incident
TL;DR:
Incident Duration: ~6 hours (2AM–8AM EST)
Impact:
  - Username vandalism (slurs)
  - Offensive fish approved / safe fish removed
Root Causes:
  - Legacy 6-digit admin password exposed in past data breach
  - Username update API lacked authentication
  - JWT not tied to a specific user
Mitigation: Manual reversal of mod actions, fixed authorization logic, backups reviewed
Takeaway: hwoopsy daisy 🙂
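As an added illustration of the two authorization flaws listed under Root Causes (example code, not DrawAFish.com's own), here is a username-update handler with the reported behaviour beside a fixed version that requires a valid token and binds it to the account being renamed. The HS256 token format, signing key and user table are constructed for the demo.

```python
import base64, hashlib, hmac, json, time
from typing import Optional

# Constructed demo key; not the site's real secret or data.
SECRET = b"demo-signing-key-not-the-real-one"

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def issue_token(user_id: str, ttl: int = 3600) -> str:
    """Mint a minimal HS256 JWT whose 'sub' claim names the logged-in user."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps({"sub": user_id, "exp": int(time.time()) + ttl}).encode())
    sig = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64(sig)}"

def verify_token(token: str) -> Optional[dict]:
    """Return the claims if signature and expiry check out, otherwise None."""
    try:
        head, body, sig = token.split(".")
        expected = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(_unb64(sig), expected):
            return None
        claims = json.loads(_unb64(body))
    except (ValueError, UnicodeDecodeError):
        return None
    return claims if isinstance(claims, dict) and claims.get("exp", 0) > time.time() else None

def update_username_vulnerable(users: dict, target: str, new_name: str,
                               token: Optional[str] = None) -> bool:
    """Reproduces the two listed flaws: the token is optional (no authentication),
    and when one is sent it is only checked for validity, never matched to 'target'."""
    if target not in users or (token is not None and verify_token(token) is None):
        return False
    users[target]["username"] = new_name
    return True

def update_username_fixed(users: dict, target: str, new_name: str,
                          token: Optional[str]) -> bool:
    """Require a valid token and refuse unless its 'sub' is the account being renamed."""
    claims = verify_token(token) if token else None
    if claims is None or claims.get("sub") != target or target not in users:
        return False
    users[target]["username"] = new_name
    return True
```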
Did you see? Did you see it? What it says? What it says on top of the website?
If you were on Hacker...
Read more at aldenhallak.com