Sometimes Dumb Shit Happens
About an hour ago, I got a notification from Echofeed1:
After the initial WHAT THE FUCK, I realized pretty quickly that the only thing I have Echofeed posting from is my status.lol statuslog. I immediately checked to see if the status was there — and it was. Great, so someone figured out how to post to status.lol as me. Again: WHAT. THE. FUCK.
I immediately generated a new OMG.LOL API key. I also checked my logins there and thankfully those looked fine. The only way I post to status.lol is via a shortcut on my iPad and iPhone, and that shortcut uses the API key. Nothing else of mine is using the key. So I started thinking…
Hey dumbass, didn’t you write a post about posting to status.lol from a shortcut back in the spring?
You sure did.
And then a few months later, didn’t you think that the image you initially had uploaded looked kinda grainy so you took a new screenshot from the Shortcuts app and re-uploaded it?
You sure did.
And since you like to work on the site and make changes in the middle of the night like a sleep-deprived goblin, didn’t you — on Labor Day weekend — FORGET TO REMOVE YOUR FUCKING USERNAME AND API KEY FROM THE SCREENSHOT?
You sure did, you giant fucking dumbass.
Fuuuuccccckkkkkk me.
Two upsides from all of this:
- Echofeed notified me that I posted to Mastodon (which I did not) and alerted me to the whole situation.
- I have so little traffic that my username and API key sat clear as day in an image on the site for just over three months before anyone found it and used it.
Anyway, it’s fixed now. The API key has been changed and the image on the post has been updated. Hats off to the donkey that “pwned” me for posting as me to status.lol, and to Echofeed for sending the notification that something hit Mastodon 👍
-
Echofeed monitors my statuslog and posts to Mastodon when a new status is posted. It can do a bunch of other stuff too and is worth every penny. Go check it out. ↩︎