Versus Market, a “security driven marketplace,” entered maintenance to conduct a security audit in response to a recent concern involving an IP address leak. The leak, according to the market, is not an issue for Versus users.

Estimated downtime until: 2020/03/22 - 11:00-16:00 UTC

Yesterday, Versus staff /u/WilliamGibson posted an announcement in the Versus subdread concerning the “potential IP leak” as well as the related downtime:

We received reports of a potential IP leak from one of our middleware server and decided to shut the market down temporarily to investigate the issue before any damage is done.

The affected server has been added recently during the ddos and is not a backend server. It has been wiped and abandoned for security reasons.

I don’t want to cause any panic and can assure you that I only post this for transparency.

The market will be running as usual after we made sure there are no other leaks in max 12 hours until 11:00 UTC.

Please excuse the inconvenience caused and rest assured no userdata or any critical information in general has been leaked.

An individual operating under the username “BenedictParchezzi” is responsible for discovering the IP address of one of Versus Market’s middleware servers. BenedictParchezzi made the discovery after targeting the market with a DDoS attack. According to the attacker, Versus handled the disclosure “honestly.”


The attacker discovered the IP address after hitting the market with a DDoS attack


If the announcement from Versus staff is accurate, the issue is relatively minor. An administrator of a different marketplace described the incident as “not good, but not that bad either.”

This announcement will be updated if WilliamGibson provides any additional information. There is very little reason for Versus to add anything to the original announcement on Dread unless they discover something unexpected during the security audit.