The certificate was issued by Let's Encrypt https://letsencrypt.org/ a free, automated, and open certificate authority. If configured properly, a web server program will auto-renew a certificate set to expire in less than 30 days. It seems likely the Feb 2022 hack affected the auto-renew.
Originally Posted by saustin
Let's Encrypt is worthless. It's free because it doesn't it doesn't do an automated cursory check to make certain that the servers hosting the website all have valid security certs and as a minimum, support 1,024 bit encryption algorithms.
You can submit my.kids.crayon.pictures.on.my. refrigerator.net and Let's Encrypt will give you a "certificate", worth less than your kid's crayon pictures on your refrigerator.
If you drink the popular Kool-Aid that the sire was "hacked", then you have to assume that all user data was captured and compromised.
If you follow my line of thinking, no legit hosting service would even accept any electronic data from a site lacking a real security certificate.
Both possibilities entail all user info being captured and compromised, including all account info, passwords and PMs.
But the cybercrack addicts gotsa have their cybercrack.....
Crack on!