Re: Possible data breach
Posted: Wed Jan 02, 2019 8:32 am
GoogleFeud wrote:Someone tried to access my account 13 hours ago from El Limón, Aragua, Venezuela, with IP 190.38.37.97, but Google stopped them
So who do we report that to?
Can you survive the Town of Salem?
https://www.blankmediagames.com/phpbb/
https://www.blankmediagames.com/phpbb/viewtopic.php?f=11&t=95378
Achilles wrote:Technetium wrote:Wikipedia article on MD5 hash wrote:The weaknesses of MD5 have been exploited in the field, most infamously by the Flame malware in 2012. The CMU Software Engineering Institute considers MD5 essentially "cryptographically broken and unsuitable for further use".
So...if the hashing isn't doing its job...why is that hashing method in use?
Because we’re terrible developers obviously
ApolloRD wrote:Achilles wrote:Technetium wrote:Wikipedia article on MD5 hash wrote:The weaknesses of MD5 have been exploited in the field, most infamously by the Flame malware in 2012. The CMU Software Engineering Institute considers MD5 essentially "cryptographically broken and unsuitable for further use".
So...if the hashing isn't doing its job...why is that hashing method in use?
Because we’re terrible developers obviously
Achilles I would seriously consider deleting this comment and reaching out to someone with experience in Data Security Management / Public Relations.
There are going to be a lot of people looking in on this with interest and this comment shows a concerning lack of responsibility and professionalism.
Operaismo wrote:omg.....
are you serious??? This is really bad omg.
Deagler wrote:- Change your ToS password to something secure
- If you used the same password somewhere else, change that password
- Set up 2FA on important accounts and your e-mail
Stormbird wrote:As for the emails falling in your "spam" folder, I call BS. You guys just sat on the breach for days.
bkyblyat wrote:Sitting on a data breach like this is against GDPR. Considering EU citizens' data got hacked, BMG can be fined. Interesting how this will turn out.
bkyblyat wrote:That website claims they were made aware December 28. Besides, I don't think a simple forum post even qualifies for informing affected users.
Dare I touch this post with a 10 metre stick, but are you roleplaying your outrage?
KatiyaKramer wrote:YFYDB wrote:You were one of the safest websites I made an account on.
I would hate to know what other websites you use, because this was the farthest from being the safest site on the internet in terms of security...
Tusillody wrote:williewest wrote:orangeandblack5 wrote:Now would be a great time to switch to https for the forums too, no? Unless I'm seeing things my browser keeps flashing "WEBSITE NOT SECURE" at me in bright red every time I try to log in lol
I can help with this. From what I've just tested, going into your bookmarks and editing the BMG ones to contain https:// at the beginning, and also adding it to the URL of the page you're currently on in the URL bar does seem to make it default to https instead of http.
Alternatively, if your browser does not do this as a function or it reverts back to http, there's a handy extension for Chrome, Firefox and Opera called Redirector by Einar Egilsson that can be used to make sure it redirects to https every time a BMG site is entered.
Edit: Better alternative - "HTTPS Everywhere" (Thank kristian818 a couple posts down)
I have just logged into the town of salem website and was redirected here with an insecure link. We should not have to add the "s" to "https", these devs have left all of our data wide open for years. Now it's caught up to all of us.
"We're not a large company we are an indie company"
This excuse is bollocks. No excuse is good enough for all of the incompetence from this team. They will find the legal trouble they deserve, and soon.
MafiaMenace wrote:ApolloRD wrote:Achilles wrote:Technetium wrote:Wikipedia article on MD5 hash wrote:The weaknesses of MD5 have been exploited in the field, most infamously by the Flame malware in 2012. The CMU Software Engineering Institute considers MD5 essentially "cryptographically broken and unsuitable for further use".
So...if the hashing isn't doing its job...why is that hashing method in use?
Because we’re terrible developers obviously
Achilles I would seriously consider deleting this comment and reaching out to someone with experience in Data Security Management / Public Relations.
There are going to be a lot of people looking in on this with interest and this comment shows a concerning lack of responsibility and professionalism.
very big oopsie
TurdPile wrote:The password hashing is controlled by the forum software; the forum at the moment is deeply ingrained with interactions with the game, which makes any changes to the forum software literally game-breaking. With the Unity development, the BMG devs are working on completely decoupling the game from the forum and ditching PhpBB altogether for a better forum software (Vanilla is what was being discussed).
BonnieThePenguin wrote:MafiaMenace wrote:ApolloRD wrote:Achilles wrote:Technetium wrote:Wikipedia article on MD5 hash wrote:The weaknesses of MD5 have been exploited in the field, most infamously by the Flame malware in 2012. The CMU Software Engineering Institute considers MD5 essentially "cryptographically broken and unsuitable for further use".
So...if the hashing isn't doing its job...why is that hashing method in use?
Because we’re terrible developers obviously
Achilles I would seriously consider deleting this comment and reaching out to someone with experience in Data Security Management / Public Relations.
There are going to be a lot of people looking in on this with interest and this comment shows a concerning lack of responsibility and professionalism.
very big oopsie
You should leave this one to the community manager I think
Tusillody wrote:Edit: Just saw TurdPile's comment on GDPR time limit being 72 hours. This breach happened on December 22nd according to DeHashed and December 28th according to HaveIBeenPwned. That's a little longer than 72 hours. If you (The devs) expect anyone to believe that you had no clue about the breach until today then you're dumber than you think we are.
TurdPile wrote:Tusillody wrote:Edit: Just saw TurdPile's comment on GDPR time limit being 72 hours. This breach happened on December 22nd according to DeHashed and December 28th according to HaveIBeenPwned. That's a little longer than 72 hours. If you (The devs) expect anyone to believe that you had no clue about the breach until today then you're dumber than you think we are.
I (not a dev, nor employee) do not care if you believe what I state as fact. Me doing my part to give proper information is enough to let me sleep at night; whether or not you want to believe the facts I tell you is up to you. The fact is GDPR regulations state 72 hours after awareness, not after occurrence. That is all I'm saying. Nothing more, nothing less. You can easily verify that information yourself.
MafiaMenace wrote:BonnieThePenguin wrote:MafiaMenace wrote:ApolloRD wrote:Achilles wrote:Technetium wrote:Wikipedia article on MD5 hash wrote:The weaknesses of MD5 have been exploited in the field, most infamously by the Flame malware in 2012. The CMU Software Engineering Institute considers MD5 essentially "cryptographically broken and unsuitable for further use".
So...if the hashing isn't doing its job...why is that hashing method in use?
Because we’re terrible developers obviously
Achilles I would seriously consider deleting this comment and reaching out to someone with experience in Data Security Management / Public Relations.
There are going to be a lot of people looking in on this with interest and this comment shows a concerning lack of responsibility and professionalism.
very big oopsie
You should leave this one to the community manager I think
lolbrosis? this entire mess is a joke
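
Added example (not written by any poster in this thread, and not BMG's or phpBB's code): the thread asks why MD5 password hashes stay in use when the hashing is tied to software that is hard to change. One common way out is to wrap every stored MD5 hash in a slow, salted KDF offline, then rehash natively at each user's next successful login. The `md5$`, `scrypt-md5$` and `scrypt$` record prefixes, the single unsalted MD5 pass used as the legacy scheme, and the scrypt parameters are all assumptions made for this illustration.

```python
import hashlib
import hmac
import os

# Assumed scrypt cost parameters for the example (about 16 MiB per hash).
N, R, P = 2**14, 8, 1


def _scrypt(secret: bytes, salt: bytes) -> str:
    return hashlib.scrypt(secret, salt=salt, n=N, r=R, p=P,
                          maxmem=64 * 1024 * 1024, dklen=32).hex()


def legacy_md5(password: str) -> str:
    """Constructed stand-in for the legacy scheme: one unsalted MD5 pass."""
    return hashlib.md5(password.encode()).hexdigest()


def wrap_legacy(md5_hex: str) -> str:
    """Offline step: protect a stored MD5 hash without knowing the password."""
    salt = os.urandom(16)
    return f"scrypt-md5${salt.hex()}${_scrypt(md5_hex.encode(), salt)}"


def hash_native(password: str) -> str:
    """Target format: salted scrypt over the password itself."""
    salt = os.urandom(16)
    return f"scrypt${salt.hex()}${_scrypt(password.encode(), salt)}"


def verify(password: str, record: str):
    """Return (ok, upgraded_record); upgraded_record is None if no rewrite is due."""
    scheme, _, rest = record.partition("$")
    if scheme == "md5":
        # Unmigrated row: check it, then replace it on success.
        ok = hmac.compare_digest(legacy_md5(password), rest)
        return ok, (hash_native(password) if ok else None)
    if scheme in ("scrypt-md5", "scrypt"):
        salt_hex, _, want = rest.partition("$")
        # Wrapped rows were derived from the MD5 hex, native rows from the password.
        secret = legacy_md5(password) if scheme == "scrypt-md5" else password
        got = _scrypt(secret.encode(), bytes.fromhex(salt_hex))
        ok = hmac.compare_digest(got, want)
        upgrade = ok and scheme == "scrypt-md5"
        return ok, (hash_native(password) if upgrade else None)
    return False, None  # unknown scheme: fail closed
```

The caller stores `upgraded_record` whenever it is not `None`, so no bare MD5 value remains in the table after the offline wrap and wrapped rows disappear as users log in.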