Kahldal's Interview w/ Ayden
Updated: Oct 1, 2022
News & Opinion, Media & Tech
Note: To protect the security of certain SCP Staff, details of hacking have been slightly simplified.
Wikidot has served as the primary vector for Containment Fiction for over fifteen years now, ever since the SCP Wiki first crawled out of the primordial soup of the forum era. From SCP and Backrooms, to their respective spinoffs at RPC and LA, to the myriad cheap imitations of the aforementioned sites, Wikidot has been through a lot. Nonetheless, it’s held up. Things have seriously escalated in the last few months, however.
First, on May 19, a hack that Wikidot has claimed originated in the Russian Federation took down the platform entirely. According to SCP Staff’s monthly news post for June 2022, the incident was not government-sponsored, but merely the work of a single entity.
Later, on June 17th, SCP Wiki’s home page was edited to contain promotion for a Discord-based hacker, who had gained access to Site Admin ManyMeats’ account. Then, in July, A Discord user by the name “Ayden” (tag removed to avoid promotion) agreed to an exclusive interview with Confic Magazine. This user provided concrete proof of their responsibility for the June 17th main page incident.
According to Ayden, a search of previously leaked databases revealed ManyMeats’ email, and a previous hack revealed codes that could be used to acquire passwords linked to that email.
“Around 6 months ago, I was on my PC, very bored, so I started looking for scary stories. I found SCP, decided, ‘oh, that looks cool’, went to their website, realized they had a visible admin page, tried a few logins, and luckily enough got ManyMeats. I found his email in a dump from many years ago, and made a program that allows me to dehash passwords if they've already been solved.” Ayden said.
"A way it could have been stopped is with two-factor authentication,” Ayden said. “Wikidot does not offer it. Which means, if I had your password right now, everything you have access to  could be gone in a matter of minutes. The whole thing could have been so much worse- I had the ability to delete [the entire SCP Wiki], but decided not to, as it’s been around for a very long time. Two-factor authentication [would mean] even if they have your password, you might have to receive a text from your phone with a code to log in, or from your email, or from an app on your phone. Without two-factor authentication, any site that is hosted by Wikidot can be taken down.”
Ayden also pointed out that while Wikidot was partly responsible, ManyMeats also selected a poor password. However, he also debunked the claim that said password was “SCP.ADMIN.02”.
“You could have the most secure system in the world, but humans will always be the weak point. I think had ManyMeats done the slightest to protect his information, none of this would've been possible.” Ayden said. “His password was a variation of a common one he used.”
Ayden claims the entire hack was enabled by Wikidot’s failure to offer Two-factor Authentication. Due to this weakness, Ayden says the entire wiki could’ve been destroyed by a more hostile actor.