NationStates confirms data breach, user data and weak passwords exposed

NationStates has confirmed a data breach after an unauthorized user accessed its production server and copied user data. Exposed information includes email addresses, weakly hashed passwords, login IPs, and browser agent strings. The breach resulted from a critical vulnerability in the Dispatch Search feature that allowed remote code execution. After several days offline to address the vulnerability, NationStates is now back online. Users can reset their passwords and review the data associated with their nation, and are advised to update their credentials as a precaution.