[NOTICE] Staff Information Data Leak

Discussion in 'Empire Help & Support' started by Krysyy, Sep 14, 2016.

Thread Status:
Not open for further replies.
  1. All players compromised have had private messages sent to them. No player passwords were compromised.
  2. I didn't think so. Just figured it was as good a time as any to change it.
    Kytula likes this.
  3. Kudos for going public with this. Transparency is a very important thing in my opinion and I deeply appreciate that you guys have shown us to the full extent what might have been compromised. However... Apologies for being critical again (I know I've shared quite a few critical remarks during the past events) but I'm simply repeating that which I've already shared in private: I really hope that this time you guys will finally apply a requirement for staff members to change their passwords every once in a while. At the very least demand that they use a unique password on EMC.

    Because, as others already mentioned: I remember the last time as well. And I find it peculiar that some people who have access to more personal player information have been quite sloppy with the way they handled their passwords. It doesn't match the responsibility these people have. In my opinion of course.

    Once again, sorry for being critical. But as said: I remember last time and that was also said to be a good lesson regarding passwords, and here we are.. again.

    But enough of that.

    So... let this also be a lesson to all of you players as to what kind of info you share on a certain website. Just because you trust the owner doesn't automatically mean that your data will be safe. Only entrust websites with what you feel comfortable to share with strangers, and nothing more.

    Don't assume too much, the staff really knew what they were doing here.

    As a player who got banned because of this I'd like to confirm what Krysyy said up there: I was unbanned and fully redeemed within the hour. Within a few hours more I also knew how this happened and who to "blame" (something I'll never share). They even came up to me to apologize for the mess, which I gladly accepted and sincerely appreciated.

    I did comment about this on my profile in order to keep some players informed before it could start a ruckus. And when everything got settled I removed the whole kaboodle because I do not feel the need to provide some bored scriptkiddiot with more amusement over it.

    I had a good laugh over the whole thing afterwards to be honest :) I got banned for "hacking". Now, I knew something weird was up (no comment) and I had some serious doubts. But I still decided to use the ban dispute option, also because I was quite curious as to how that exactly worked.

    Here's the funny part: a few weeks before when Anti-Grief came out I did some serious testing and also identified a few nasty bugs. In a way I even exploited said bugs to a certain degree (creating proof of concept) which I obviously kept secret and reported to Aikar & Chickeneer the very same day.

    I will admit that in a brief moment I assumed that this could have led up to my ban. And it slightly annoyed me ;) So I did "confess" to having done that, without apologizing for it because I still believe up to this date that it was for the best that I discovered this and not someone else (no comment).

    Anyway, my trust was shaken, sure, but not stirred :D

    (edit, sorry, forgot to add this :confused:):

    I'd also like to seize the moment to thank the staff again, Aikar & Krysyy in particular, for the way they handled the event's aftermath. They really did their best to get things fixed and sorted out as soon as possible, even going so far as to go public (on my profile) although they really preferred not to. That proves something to me: that the players' welfare came first and foremost. And I deeply respect that.
  4. Haha, this made me grin!
    MissFable likes this.
  5. Changing password "frequently" isn't even really the important part. The most important aspect of password security is that the password is complex and never re-used! Given a proper password that hasn't been reused, the only reason to even change your password is in the case it was leaked (keylogger, or site in question has been compromised)

    In this case, the person who was compromised was not staff during the last incident (which was also caused by staff password re-use)

    So during that last incident, we had all staff change their forum password, but this person joined after that so they never updated the password (and ironically, they do use a password database, but as BigDavie said, never changed their main EMC password)

    And to re-clarify from me -- Moderators do not have any form of technical access. Square does not reveal anything related to supporter ship to moderators outside of a Transaction ID if we happened to add it to a player's notes (which is not sensitive information)

    Moderators do not have access to the forum admin panel, and even if they did, it is now IP whitelisted after the chincident.

    So there isn't even any reason for players to change their passwords unless you know you have an insecure password and are now going to fix that problem.

    Also, the incident was reported to the person's ISP's Abuse Department, and will be sending the person a legal Cease and Desist which will make it a criminal offense to access EMC using proxies.
  6. Damn son.
    SoulPunisher likes this.
  7. Harassment is no laughing matter and is taken very seriously. The person involved will hopefully take this valuable lesson away from the whole ordeal and understand that there are laws in the real world, just as there are rules on EMC. If you break them, someone is going to report you and you will get in trouble, no matter how sneaky you think you are.
  8. I feel like I just got told off by a teacher... xD
    I have an idea who I think it might be but I shall keep that to myself for the sake of everyone xD

    Also: Everyone on the staff team feeling OK after this? Would hate to see any one of them feeling down.
    MercenaryCrow likes this.
  9. Glad to see BT Forum wasn't accessed. My whole goody builds would have been spoiled :S
    ANubIsWe3, MissFable, 607 and 2 others like this.
  10. Some of the team were simply fed up from the prank calls and aside from some gentle ribbing, we're sensitive to their feelings on the matter and don't want them to blame themselves too harshly. This could have happened to anyone and we are human for the most part.
  11. Aight
  12. I have not gotten a PM, Yay!

    It's one thing to know that there should/could be real world consequences but it's quite another thing to know the hammer is actually going to fall on someone.

    Foreshadowing O.O
    ANubIsWe3 likes this.
  13. True, but demanding frequent changes can enforce this.

    Because people who use the same password on multiple sites more than often don't follow up by changing this password on every other site as well. It also helps to make them aware of the reason behind the requested changes, this can also remind them of the need to keep that specific password different from the rest.

    That is what this all boils down to: making sure that people are aware of this, and remain aware (it's easy to fall back into old habits).
    Perry_Stahlsis, Kytula and 607 like this.
  14. Thank you so much staff team for keeping this under control and caring so much for this insanely fun loving community! I'm lucky to have stumbled upon y'all! :)
    AnonReturns, ANubIsWe3 and Eviltoade like this.
  15. Bruh, I was a little worried if it was me too. Damn, glad to see everything is working out again. :)
  16. I don't like to cheat!!!
  17. Was that in reference to chin? Which one of you isn't 100% human?
    cowland123 likes this.
  18. It's pretty much confirmed that Simon is a robot with clones.
    As for the others, #spoilers.
  19. I know someone whose name starts with LittleRobot, but I'm not saying who.
    tuq1, Perry_Stahlsis, 607 and 7 others like this.
  20. Congratulations to the hacker for accessing information that was already public! I hope they're happy with knowing my TEXP and rupee balance \o/
    607 and cowland123 like this.