URGENT: Cyberattack on CrossTalk planned

I have already posted this announcement in the Discord server, but for people who don’t use it I’ll post it here (and the website later today) as well.

Palosvik of the Skype Community server, yes the same one that got the NINA/Escargot Discord taken down, and his team are planning an attack on CrossTalk. They discovered another vulnerability within the INS protocol (which handles account management, session management, and things like sending out alerts from the service), and, instead of disclosing it to us, they decided to begin drawing up plans to exploit it.

Now, unlike what he claims in the screenshots, this does not allow remote access into CrossTalk’s server (i.e. you can’t create a shell from this), BUT it does allow takeover of accounts, as you can edit any attribute of any user.

Given this, the INS server has been disabled until a fix has been implemented, and in the meantime you won’t be able to create accounts or update your profile. You’re encouraged to change your password whenever the INS server is back up. We don’t know how much info they have actually gotten access to at this time.

It’s sad to see that we’re now resorting to literal crimes as a way of putting down competing services, I’m tired of it and some way or another it ends, NOW.



DAMN, this is literally insane. I hope that no accounts will be hacked and compromised; that would be a real nightmare for everyone :frowning: Good luck with fixing everything though, I hope that you will succeed.

I heard that on the CrossTalk Discord server, everyone around the server got wild

Server’s still going wild lol

Still, why tf does this guy wanna attack CrossTalk? We’re literally just existing and vibing.

A patch has been rolled out and the server is now back up. We’re not aware of any personal information being obtained or leaked (what’s pictured in the first screenshot is just emails, which are already publicly shown, user UUIDs, client versions, and Backend Session IDs) but we still recommend you change your password as a precaution.
