- it/its
status: will always be open!
been wanting to do sum trades for a while now, esp since ive gotten a lot of moots on this site ^-^
feel free to comment below if u wanna trade!! with the type of art you wanna do (headshot, fullbody, experimental) and oc's you'd want drawn !!
about -
- mostly wanting to trade with my mutuals, but if anyone else sees this, feel free to comment if interested and i can consider :0
- i can take around a week or 2 depending on how busy i am
- im a bit picky with the characters i want to draw. feel free to send me multiple ocs for me to pick from; these characters of mine are examples of designs i like. if you see someone in my toyhouse you'd like to draw, feel free to ask!
- i will draw any feral animal species, anthros, some closed species, and dinos/dragons. not rlly motivated to draw humans atm
ill decide after this weekend if/who i wanna trade with!
reposting this from my literatures bc i didn't want it in my gallery
On March 7th, Sheezy emailed users whose information was leaked. I was one of these users, and I'm sure there were many others, as the problem was "fairly widespread." There hasn't yet been a public announcement on site about the data breach, but Sheezy only has one site dev. As a cybersecurity major, I know what it's like to be swamped with site vulnerabilities. In the meantime, here are some tips on how to keep your information safe, as well as the email I received about what happened and what was done to mitigate the issue, for transparency.
What's a data breach?
It's when confidential/secret data is accessed without authorization. For Sheezy, this data can include usernames, passwords, email addresses, multifactor authentication codes, and integrated app tokens (like Discord and Patreon).
Are they dangerous?
Yes, they can be dangerous if confidential data is in the wrong hands; one example is the Change Healthcare data breach that compromised global healthcare functions, or Mangadex's breach that leaked many passwords. But Sheezy has said on March 7th, "as far as we are aware, nobody has downloaded this data en-masse." Thankfully this means your account hasn't been hacked, or that your password wasn't leaked. But it also doesn't mean you should ignore what happened, and changing your password is the least you can do to keep safe!
What can I do to be safe?
- Change your password. This includes not only your Sheezy account, but also any accounts that share the same or a similar password. One attack that hackers use is credential stuffing, where attackers take a list of leaked user info and 'stuff' it into different sites, banking on the fact that a lot of people reuse passwords for their credentials.
  - To change your password, go to Account Settings, then scroll down. On the left side, under the last heading Security & Privacy, click on Password & Authentication to change it
  - Use a password manager to track your many passwords! Google Password Manager, LastPass, and KeePass are some examples
- Disconnect your integrated apps. Sheezy mentioned that Discord and Patreon access tokens may have been leaked, but you can go ahead and dis/reconnect all integrations: Discord, Patreon, Ko-fi, and PayPal. All of these apps can make purchases using connected bank accounts! To do this,
  - Go to Account Settings
  - Scroll down. On the left side, you can find Integrations
  - Click on the names to then disconnect those apps from Sheezy
- Enable multifactor or two-factor authentication. Sheezy also mentioned that multi-factor authentication (MFA) tokens may have been leaked, and thus disabled all MFA. On Sheezy, MFA is also called two factor authentication (TFA). This one is especially important, as MFA is a great way to secure your account against attackers, and MFA is used in many workplaces and universities to stay cybersecure. Sheezy did not announce on-site that this was done, which is an oversight that could lead to further security flaws. If you had it enabled previously and noticed it was turned off when you signed in, this is why. To enable MFA, it's in the same place as changing your password.
  - In Account Settings, scroll down. On the left side, under the last heading Security & Privacy, click on Password & Authentication
  - Scroll down. You'll see a QR code, which says to 'Scan this QR code with the auth app of your choice' or 'use the following code.' You can use the same authentication app as your work or school, or here are some recommendations if you don't have one:
    - Microsoft Authenticator, downloadable on Google Play or the App Store
    - Google Authenticator, downloadable on Google Play or the App Store
    - If you use a password manager, it can also offer authentication services
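Why disabling MFA and re-enrolling matters, shown as an added example that is not part of the original journal or Sheezy's code. It assumes the leaked "MFA tokens" were TOTP shared secrets, the value a setup QR code encodes (RFC 6238); both secrets below are constructed sample values.

```python
import base64, hashlib, hmac, struct

# Constructed sample secrets (base32, the text form shown beside a TOTP QR code).
OLD_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"  # RFC 6238 SHA-1 test key
NEW_SECRET = "JBSWY3DPEHPK3PXP"                  # hypothetical secret issued on re-enrolment

def totp(secret_b32, unix_time, step=30, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1): the code an authenticator app displays."""
    key = base64.b32decode(secret_b32.replace(" ", "").upper())
    counter = struct.pack(">Q", max(0, unix_time) // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(secret_b32, submitted, unix_time, window=1, step=30):
    """Server-side check, tolerating one time step of clock drift."""
    return any(
        hmac.compare_digest(totp(secret_b32, unix_time + i * step, step), submitted)
        for i in range(-window, window + 1)
    )

def leaked_secret_demo(now=59):
    """Return (accepted_before_reset, accepted_after_reset) for a code
    computed from a leaked copy of OLD_SECRET."""
    # Anyone holding the secret computes the same code as the owner's app.
    code_from_leak = totp(OLD_SECRET, now)
    before = verify(OLD_SECRET, code_from_leak, now)   # secret still enrolled
    after = verify(NEW_SECRET, code_from_leak, now)    # account re-enrolled
    return before, after

if __name__ == "__main__":
    print(leaked_secret_demo())
```

A code derived from the old secret stops verifying once the account is enrolled with a fresh one, which is why setting MFA up again after the reset matters.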
Sheezy's email about the data breach affecting users
Notification of Data Breach
Hi chuwigirls,
This morning, our developer was alerted to a security breach in the Sheezy.Art website's code. As soon as we were made aware, we shut the site down so that we could properly assess the situation.
The problem was fairly widespread, affecting a number of pages across the site. Some user data was leaked via the pages' source code; if you're seeing this email, it unfortunately means that your data may have been leaked.
Note: We store user passwords as encrypted hashes. There is no danger of your password being leaked. That said, we still advise that you change your password at your earliest convenience once the site comes back online.
Leaked data includes:
- User email addresses
- Multi-factor authentication tokens
- Encrypted password hashes
- Discord and Patreon access tokens
- Legacy account archive filenames
As far as we are aware, nobody has downloaded this data en-masse.
We have taken the following measures to remedy this vulnerability:
- Patched a security hole that allowed sensitive data through
- Destroyed all active login sessions
- Disabled multi-factor authentication for all accounts
- Purged all multi-factor auth recovery codes
- Renewed all Discord and Patreon access tokens
- Purged all legacy archive files
We cannot apologise enough for this oversight and are doing our absolute utmost to prevent this in future.
Please keep an eye on our BlueSky or Twitter accounts for updates on the situation. A public announcement will be made shortly.
With Sincere Apologies,
The Sheezy Team
Further notes
Ry, the site dev, swiftly identified and dealt with this security incident. But it's been more than 2 weeks and I'm still waiting for formal news to be posted on the Sheezy site, as "a public announcement will be made shortly," as stated in the email to breached users. This means those affected don't know that a data breach happened at all if they don't follow Sheezy's socials, yet still use the main site. And any new users will know much less. I don't see anything further on Sheezy's Twitter, Bluesky, or Discord besides the initial notification of the breach (each post is linked).
I'm also not sure why this incident was called a breach, and I think it should be classified as an accidental data exposure. A breach implies an external source (like an attacker) tried to gain access to the site's sensitive data, while the email is written to say that information was leaked and no attackers gained access to data. This may be technical language, but using the word 'breach' is more severe than saying your data may have been exposed or leaked.
I hope this was informative, and not a cause for panic! Be safe, not anxious. If anyone has anything to add or if you'd like to repost this journal, please go ahead and do so ^-^
hi! about accessibility...
ill start with my first gripe that led me to making this journal--
ive been seeing a floating pagedoll on some peoples profiles! i even use it myself, since its adaptable from toyhouse. BUT this pagedoll takes up half the screen on mobile. i cant even click on half the things on the profile. i myself have edited my pagedoll to be super small and floating near the top so it doesnt impact scrolling; please keep in mind accessibility before adding features that can ruin others experience on your profile :(
other accessibility/general warnings -
- autoplayed music. does your music have loud sounds or curses?
- flashing colors/lights. does your profile have gifs that move a lot and can cause epilepsy / seizures?
- eyestrain. bright colors may be your aesthetic, but keep in mind some others cannot handle exposure to colors that are way too saturated!
- light colored text on white backgrounds. this is a huge problem on toyhouse, with pink text on white bgs for user warnings. no one can read that, so your information is just getting straight up ignored!
- gore/blood/weapon/dark aesthetics. these can be triggering for some people, so warning that your profile uses these as an aesthetic would save some panic attacks. i know of two people, my own sister being one of them, who faint at the sight of blood without warning.
if im missing something feel free to comment it ^-^
sheezy allows for user customization, so please dont feel like you have to give up your aesthetic. instead, having a neutral and easy to read html block at the top of your profile warning of eyestrain/epilepsy/etc makes an immense difference.
the only credential i have to speak on this topic is that i took a class about user accessibility in the field of technology and how ableist the process of development can be. did you know that sidewalks were considered to be curved down to street level to aid bikers/skateboarders and NOT people with wheelchairs and blind persons who can trip on curbs?
youre free to repost this journal, to save a copy for yourself and spread it around ^-^
edit: if page customization does hinder your sheezy experience, you can turn it off completely! go to account settings by clicking your profile pic in the top right ---> preferences ---> turn off 'show user page customization'