Possible data breach


Re: Possible data breach

Postby ReversePolarity » Wed Jan 02, 2019 1:18 pm

Achilles wrote:
kristian818 wrote:large company


Our staff is myself, pyro, shapesifter (community manager), docexer and blueheatwave (Artist).

I'm sorry that this all happened and wasn't responded to quickly enough but people were on vacation spending time with their families (and his emails went to our spam filter). We aren't a large company; we are an indie company. Yeah we have a lot of registered users but it was a F2P game and millions of those accounts played a few games and never came back.


I guess the 2 phone calls that dehashed sent, including one that according to them you answered also just went to your email's spam?
ReversePolarity
Newbie
Posts: 4
Joined: Sun Apr 17, 2016 12:02 pm

Re: Possible data breach

Postby Tusillody » Wed Jan 02, 2019 1:18 pm

Flavorable wrote:
A website that profits from security breaches and doesn't post a source of the actual data leaked, and makes claims of contact without being able to back them up with physical proof is not something I am going to believe over Developers. If you do, that's your prerogative, but personally, I'd rather go with something I know and trust. It's quite obvious that no payment info is stored, because if it had been, people would have become victims of credit card fraud by now. Not to mention that the Developers have literally -just- been made aware of this, since they were absent for the holidays and are probably gathering more info before they send out an e-mail message about this, which is well within their rights.

There's plenty of much bigger companies out there getting security breaches with even more valuable information and even they are getting less heat than BMG is. Making a big fuss about it is just playing into the hands of the people trying to destroy this company, if we're being honest.


"without being able to back them up with physical proof is not something I am going to believe over Developers. If you do, that's your prerogative, but personally, I'd rather go with something I know and trust"

You don't know anything here, and you're putting your trust in people who have already leaked your personal information due to their incompetence. Wtf are you trying to say here?

"It's quite obvious that no payment info is stored, because if it had been, people would have become victims of credit card fraud by now"

What? Why would it need to have happened already? That information doesn't change. They can use it whenever they want once they have it.

"Not to mention that the Developers have literally -just- been made aware of this"

Is that something you know and trust? Because the people who notified them of their own breach say otherwise.

"There's plenty of much bigger companies out there getting security breaches with even more valuable information and even they are getting less heat than BMG is"

Name them? Any company that has a security breach this large and due to such incompetence is going to get the appropriate amount of flak sent their way. You are ignorantly defending people who gave away your personal data.
Tusillody
Jester
Posts: 15
Joined: Wed Aug 05, 2015 4:07 am

Re: Possible data breach

Postby SereninSparks » Wed Jan 02, 2019 1:18 pm

PyromonkeyGG wrote:
S0me0ne23 wrote:
PyromonkeyGG wrote:We have identified one breach and have fixed it. We have been working with Rackspace to help identify any other potential leaks or vulnerabilities on our servers. We will be sending out a mass email announcement soon. Our #1 priority right now is to ensure that our servers are secure, then adding support in our code for forced password resets.

Do you plan on switching to a salted hash algorithm with SHA256 or another modern hash function?


Ours is already salted.


But what algorithm though?
SereninSparks
Newbie
Posts: 1
Joined: Tue Jun 21, 2016 1:33 pm
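
The exchange above turns on the algorithm rather than the salt, and on the forced password resets the developers mention. As an added example (not code from this forum or from the developers), here is one way a login path can accept a legacy salted record, upgrade it to a slow key-derivation function, and honour a forced-reset flag. The thread never says which algorithm the site uses, so the legacy scheme (one SHA-256 over salt plus password), the record layout and all function names are assumptions.

```python
import hashlib
import hmac
import os

PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune to your hardware


def legacy_hash(password: str, salt: bytes) -> str:
    # Assumed legacy scheme: a single SHA-256 over salt || password.
    # The salt defeats precomputed tables, but each guess is still very cheap.
    return hashlib.sha256(salt + password.encode()).hexdigest()


def slow_hash(password: str, salt: bytes) -> str:
    # Deliberately expensive key derivation: every guess costs many iterations.
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode(), salt, PBKDF2_ITERATIONS
    ).hex()


def new_record(password: str) -> dict:
    salt = os.urandom(16)  # fresh per-user salt
    return {"scheme": "pbkdf2", "salt": salt,
            "hash": slow_hash(password, salt), "must_reset": False}


def login(record: dict, password: str) -> str:
    """Return 'reset_required', 'denied' or 'ok'."""
    # Forced reset: a password that may be in the leaked dump grants nothing.
    if record["must_reset"]:
        return "reset_required"
    scheme = legacy_hash if record["scheme"] == "legacy" else slow_hash
    candidate = scheme(password, record["salt"])
    if not hmac.compare_digest(candidate, record["hash"]):
        return "denied"
    if record["scheme"] == "legacy":
        # Only now is the plaintext available, so upgrade the stored hash.
        record.update(new_record(password))
    return "ok"


def complete_reset(record: dict, new_password: str) -> None:
    # Call only after the user proved control of the account out of band
    # (for example an e-mailed reset token, not shown here).
    record.update(new_record(new_password))


if __name__ == "__main__":
    salt = bytes(16)  # constructed sample data
    user = {"scheme": "legacy", "salt": salt,
            "hash": legacy_hash("correct horse", salt), "must_reset": False}
    print(login(user, "correct horse"), user["scheme"])  # legacy record upgraded
```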

Re: Possible data breach

Postby Royee » Wed Jan 02, 2019 1:20 pm

Why am I getting attacked by an unknown website every time I refresh the site?
Royee
Easter 2020 Winner
Posts: 222
Joined: Wed Sep 30, 2015 1:11 pm
Location: UTC +3

Re: Possible data breach

Postby Varanus » Wed Jan 02, 2019 1:21 pm

Royee wrote:Why am I getting attacked by an unknown website every time I refresh the site?

Probably because your browser is poorly handling something in a signature
I'd suggest turning those off so you don't have to see them
Varanus
FM Lead Moderator
Posts: 687
Joined: Fri Mar 06, 2015 10:08 am
Location: Lurking

Re: Possible data breach

Postby Royee » Wed Jan 02, 2019 1:24 pm

Varanus wrote:
Royee wrote:Why am I getting attacked by an unknown website every time I refresh the site?

Probably because your browser is poorly handling something in a signature
I'd suggest turning those off so you don't have to see them

but I don't see any signatures, I removed the option to see them.

Re: Possible data breach

Postby Varanus » Wed Jan 02, 2019 1:24 pm

Not sure then
It's only happening on your end

Re: Possible data breach

Postby JamesD28 » Wed Jan 02, 2019 1:24 pm

I really can't be bothered to give an opinion on this but here's some videos people might find useful on the technical side of stuff.

https://www.youtube.com/watch?v=8ZtInClXe1Q
https://www.youtube.com/watch?v=DMtFhACPnTY
https://www.youtube.com/watch?v=7U-RbOKanYs
https://www.youtube.com/watch?v=b4b8ktEV4Bg
JamesD28
[Forum Mafia XIV] Winner
Posts: 1870
Joined: Mon Aug 01, 2016 1:30 pm

Re: Possible data breach

Postby PyromonkeyGG » Wed Jan 02, 2019 1:24 pm

We learned it was legitimate the same time everyone else did. We did receive a phone call from a private number that didn't want to discuss anything over the phone. It seemed shady as hell and we receive strange calls all the time with people trying to scam our business.

We did not see any e-mails from him due to them going to spam.
PyromonkeyGG
Developer
Posts: 2202
Joined: Mon Feb 10, 2014 5:32 pm

Re: Possible data breach

Postby Tusillody » Wed Jan 02, 2019 1:26 pm

Royee wrote:
Varanus wrote:
Royee wrote:Why am I getting attacked by an unknown website every time I refresh the site?

Probably because your browser is poorly handling something in a signature
I'd suggest turning those off so you don't have to see them

but I don't see any signatures, I removed the option to see them.


Try connecting to this website with HTTPS instead of http, see if that changes anything. For some reason all redirects here are insecure links, even though https is available.

Re: Possible data breach

Postby sportakus1 » Wed Jan 02, 2019 1:27 pm

Tusillody wrote:
Royee wrote:
Varanus wrote:
Royee wrote:Why am I getting attacked by an unknown website every time I refresh the site?

Probably because your browser is poorly handling something in a signature
I'd suggest turning those off so you don't have to see them

but I don't see any signatures, I removed the option to see them.


Try connecting to this website with HTTPS instead of http, see if that changes anything. For some reason all redirects here are insecure links, even though https is available.



Can confirm, just changed from http to https, now it doesn't say "dangerous" site next to link.

Why it showed every time, I dunno.
sportakus1
Medium
Posts: 162
Joined: Mon Oct 27, 2014 4:43 am

Re: Possible data breach

Postby PyromonkeyGG » Wed Jan 02, 2019 1:28 pm

Dash2 wrote:
PyromonkeyGG wrote:We learned it was legitimate the same time everyone else did. We did receive a phone call from a private number that didn't want to discuss anything over the phone. It seemed shady as hell and we receive strange calls all the time with people trying to scam our business.

We did not see any e-mails from him due to them going to spam.

I figured this was something that happened but why did Achilles choose to ignore this problem when brought up multiple times???


This problem wasn't ignored. I am not sure what you mean by being brought up multiple times. We had 1 phone call from them (private number remember so we can't call back) and we had no emails from him.

Re: Possible data breach

Postby Royee » Wed Jan 02, 2019 1:30 pm

sportakus1 wrote:
Tusillody wrote:
Royee wrote:
Varanus wrote:
Royee wrote:Why am I getting attacked by an unknown website every time I refresh the site?

Probably because your browser is poorly handling something in a signature
I'd suggest turning those off so you don't have to see them

but I don't see any signatures, I removed the option to see them.


Try connecting to this website with HTTPS instead of http, see if that changes anything. For some reason all redirects here are insecure links, even though https is available.



Can confirm, just changed from http to https, now it doesn't say "dangerous" site next to link.

Why it showed every time, I dunno.

Sorry for being a little dumb but how do I change it?

Re: Possible data breach

Postby Tusillody » Wed Jan 02, 2019 1:31 pm

PyromonkeyGG wrote:We learned it was legitimate the same time everyone else did. We did receive a phone call from a private number that didn't want to discuss anything over the phone. It seemed shady as hell and we receive strange calls all the time with people trying to scam our business.

We did not see any e-mails from him due to them going to spam.



It seemed shady as hell so you ignored it and let 7 million users' data circulate even longer without notifying us. DeHashed has said multiple times already that during your phone call it was verified that you had received the emails regarding this. The excuses need to stop.

"We had 1 phone call from them (private number remember so we can't call back) and we had no emails from him."

You just said in the previous comment that you had emails from him that went to spam. The story keeps changing, not surprisingly.

Re: Possible data breach

Postby Flavorable » Wed Jan 02, 2019 1:31 pm

Dash2 wrote:I'm bad at wording.

A lot of users brought it up that BMG supposedly ignored these emails and such. Achilles could have given the explanation you just gave to save some confusion, but didn't


Tbf, tho... A lot of people say a lot of things. But without knowing any facts, it's always dangerous to hop on a bandwagon.
Flavorable
Global Moderator
Posts: 5170
Joined: Thu Apr 28, 2016 3:24 am
Location: Netherlands

Re: Possible data breach

Postby ReversePolarity » Wed Jan 02, 2019 1:32 pm

PyromonkeyGG wrote:We learned it was legitimate the same time everyone else did. We did receive a phone call from a private number that didn't want to discuss anything over the phone. It seemed shady as hell and we receive strange calls all the time with people trying to scam our business.

We did not see any e-mails from him due to them going to spam.

But the last line in the dehashed thing says "They have received our emails per our original voice conversation, but are yet to respond or even acknowledge either the breach or the emails."
??????

Re: Possible data breach

Postby Tusillody » Wed Jan 02, 2019 1:34 pm

ReversePolarity wrote:
PyromonkeyGG wrote:We learned it was legitimate the same time everyone else did. We did receive a phone call from a private number that didn't want to discuss anything over the phone. It seemed shady as hell and we receive strange calls all the time with people trying to scam our business.

We did not see any e-mails from him due to them going to spam.

But the last line in the dehashed thing says "They have received our emails per our original voice conversation, but are yet to respond or even acknowledge either the breach or the emails."
??????



"They have received our emails per our original voice conversation" Meaning it was verified that they had indeed received the emails, and according to the developers, it had gone to the spam inbox.

"but are yet to respond or even acknowledge either the breach or the emails." Meaning they have not responded to the emails or made an announcement to the public regarding the breach or being contacted about it.

Re: Possible data breach

Postby Varanus » Wed Jan 02, 2019 1:36 pm

You should know exactly what the answer to the road you're going down now is
It's not that hard to guess mate

Re: Possible data breach

Postby Chemist1422 » Wed Jan 02, 2019 1:37 pm

Complaining isn’t gonna change anything or what anyone thinks

This is just a toxic blame game right now
Chemist1422
FM Game Moderator
Posts: 987
Joined: Tue Mar 20, 2018 5:39 pm
Location: on the beach at dusk (CST/CDT)

Re: Possible data breach

Postby ReversePolarity » Wed Jan 02, 2019 1:37 pm

Tusillody wrote:
ReversePolarity wrote:
PyromonkeyGG wrote:We learned it was legitimate the same time everyone else did. We did receive a phone call from a private number that didn't want to discuss anything over the phone. It seemed shady as hell and we receive strange calls all the time with people trying to scam our business.

We did not see any e-mails from him due to them going to spam.

But the last line in the dehashed thing says "They have received our emails per our original voice conversation, but are yet to respond or even acknowledge either the breach or the emails."
??????



"They have received our emails per our original voice conversation" Meaning it was verified that they had indeed received the emails, and according to the developers, it had gone to the spam inbox.

"but are yet to respond or even acknowledge either the breach or the emails." Meaning they have not responded to the emails or made an announcement to the public regarding the breach or being contacted about it.


Verified that they had indeed received the emails. Yes. It being verified that the devs received the email is different than "Did not see any e-mails from him due to them going to spam." How exactly do they verify that they got something if they never saw it?

Re: Possible data breach

Postby Varanus » Wed Jan 02, 2019 1:39 pm

I'll give you a hint if you haven't figured it out
There was no actual verification that the emails were received
Just that someone said they were

Re: Possible data breach

Postby Tusillody » Wed Jan 02, 2019 1:41 pm

ReversePolarity wrote:
Tusillody wrote:
ReversePolarity wrote:
PyromonkeyGG wrote:We learned it was legitimate the same time everyone else did. We did receive a phone call from a private number that didn't want to discuss anything over the phone. It seemed shady as hell and we receive strange calls all the time with people trying to scam our business.

We did not see any e-mails from him due to them going to spam.

But the last line in the dehashed thing says "They have received our emails per our original voice conversation, but are yet to respond or even acknowledge either the breach or the emails."
??????



"They have received our emails per our original voice conversation" Meaning it was verified that they had indeed received the emails, and according to the developers, it had gone to the spam inbox.

"but are yet to respond or even acknowledge either the breach or the emails." Meaning they have not responded to the emails or made an announcement to the public regarding the breach or being contacted about it.


Verified that they had indeed received the emails. Yes. It being verified that the devs received the email is different than "Did not see any e-mails from him due to them going to spam." How exactly do they verify that they got something if they never saw it?


It was verified on December 29th through a phone call that the developers had received an email (and according to them, it was in the spam folder). They would have looked at that email and read it. Then ignored the emails and calls in the future. Does this help the confusion?

Re: Possible data breach

Postby Achilles » Wed Jan 02, 2019 1:42 pm

ReversePolarity wrote:
PyromonkeyGG wrote:We learned it was legitimate the same time everyone else did. We did receive a phone call from a private number that didn't want to discuss anything over the phone. It seemed shady as hell and we receive strange calls all the time with people trying to scam our business.

We did not see any e-mails from him due to them going to spam.

But the last line in the dehashed thing says "They have received our emails per our original voice conversation, but are yet to respond or even acknowledge either the breach or the emails."
??????


That’s a lie. There was never any acknowledgement over having seen the emails. I told pyro and shape that I got a weird phone call from a private number that said they didn’t want to discuss over the phone and that they emailed us. I messaged them on Slack and we all checked the email account and saw nothing. We kept an eye on our email over the next few days and still nothing so we assumed it was a scammer messing with us in an attempt to get some kind of financial compensation.

Dehashed did ask if blankmediagamesllc@gmail.com was our email and I said yes. Guessing that’s why he’s saying “they received our emails”. He should update his website to be more accurate. We have Slack timestamps proving everything happened this way.
Achilles
Developer
Posts: 1034
Joined: Sat Feb 08, 2014 5:02 pm

Re: Possible data breach

Postby S0me0ne23 » Wed Jan 02, 2019 1:44 pm

@devs do you know if RAM could have been compromised, or if it would be possible to obtain purchase information from compromised RAM?
S0me0ne23
Lookout
Posts: 81
Joined: Fri Dec 05, 2014 10:25 pm

Re: Possible data breach

Postby Varanus » Wed Jan 02, 2019 1:45 pm

