Offprint 40 members · 0 stories
Comments ( 13 )
  • Viewing 1 - 50 of 13

Didn't I make myself clear in December that I want my account deleted? It's March and it not only still exists, but also now apparently leaks user data. Seriously, I got an e-mail from Google to change my password as it was compromised and of course it just happened to be the Offprint one. Even funnier, the fact that my account still exists wouldn't even bother me that much if it wasn't for one tiny detail: it doesn't seem to be possible to change one's password at all. What I can change in the profile are avatar, profile cover, name, and bio, but apparently not password (also, you can't really delete your fics once they've been posted, but at least you can get creative with their descriptions). Oh, I can also choose the theme and whether I want to see mature and explicit fics, but the "account" section, which, I assume, would allow the user to change their password, is still not done.
I guess the devs have different priorities, given the last blog post introduced the constitution - on a side note, seriously? The fanfiction site that went for a month without anyone bothering to post a new story (and if it wasn't for Oroboro, it'd keep going on) apparently needs a constitution, but at the same time can't be arsed to fix such issues as basic security. That just looks amateurish.
Once again, I want any trace of my account wiped from Offprint. Not people telling me to stay, not people wondering on Discord what went wrong, but a total account removal. That's all I ask for.

RBDash47
Site Blogger

7666716
FYI this FIMFic group has no real connection to the site. You would probably get better results contacting the Offprint staff directly via Discord?

7666716
Deleted from here on Fimfic? Or on Offprint?

7666724
It doesn't seem like anything on Offprint has any connection to anything these days, but I guess so.

Huh, very strange that it'd leak user data. I'll let people know about your concern.
I'm still hard at work on the site, but it is true that password changing isn't in yet.

I mean, honestly, from what I’ve seen it looks like you’re expecting so much on an incomplete site, no offense

Not trying to change your mind but I’m just saying (yes I looked back on post for context)

7666740
The site that I don't use anymore literally leaked my password data somewhere and there's no way to even change the leaked password. I'm surprised this doesn't bother you (what if other people's passwords leaked as well?)

account deletion is finished. we'll be looking into the security breach soon—wasn't aware of any breach until now.

7666742
That one is reasonable actually

I was talking past post

RBDash47
Site Blogger

7666735
I mean... to be clear your post here is roughly analogous to someone posting on Quora complaining that Facebook hasn't deleted your Facebook account after your last Quora post requesting it. None of the admins of this group are Offprint staff or vice versa.

Offprint has always relied on its Discord server as the primary communication channel/support venue since most of the on-site communications haven't been built out yet. It's linked on the homepage and all of the staff is active in it because it's also the primary development communications channel.

I just clicked in to look and someone else has linked this thread there and the dev admin has deleted your account. You could consider hopping in to give them a copy of whatever warning Google sent you -- sounds like they aren't aware of any breach or even how a breach might have occurred based on their setup (I haven't gotten any warnings from Google myself) -- but otherwise I expect you're all set.

Edit: Oh, and as I was typing this they came by the thread, so cool.

to also be clear: i have no idea how a password leak could have happened. no route in the API ever returns passwords (not even emails!), as the full account object is never exposed. even still, all passwords on offprint are one-way encrypted using Argon2id, which would require approximately 10 years and several tens of millions of dollars to crack, assuming a strong password. there's always the possibility that my database password got leaked, but i doubt it as i make use of mongodb atlas's IP whitelist on top of a password.

it would be worth it to know if the google report included other potential sites used to nab the password, e.g. if it's a password you use elsewhere as well. otherwise, diagnosing this will be a tad difficult.

7666735
This group was made by Krickis. Krickis is not a staffer on Offprint. Krickis is just a user.

Obviously Figs checks sometimes, but Figs ain't running this fimfic group.
