Possible data breach

Announcements made here about the game and the company.

Re: Possible data breach

Postby PyromonkeyGG » Wed Jan 02, 2019 1:28 pm

Dash2 wrote:
PyromonkeyGG wrote:We learned it was legitimate the same time everyone else did. We did receive a phone call from a private number that didn't want to discuss anything over the phone. It seemed shady as hell and we receive strange calls all the time with people trying to scam our business.

We did not see any e-mails from him due to them going to spam.

I figured this was something that happened but why did Achilles choose to ignore this problem when brought up multiple times???


This problem wasn't ignored. I am not sure what you mean by being brought up multiple times. We had 1 phone call from them (private number remember so we can't call back) and we had no emails from him.
PyromonkeyGG
Developer
Posts: 2198
Joined: Mon Feb 10, 2014 5:32 pm

Re: Possible data breach

Postby Royee » Wed Jan 02, 2019 1:30 pm

sportakus1 wrote:
Tusillody wrote:
Royee wrote:
Varanus wrote:
Royee wrote:why am I getting attacked by an unknown website every time I refresh the site?

Probably because your browser is poorly handling something in a signature
I'd suggest turning those off so you don't have to see them

but I don't see any signatures, I removed the option to see them.


Try connecting to this website with HTTPS instead of http, see if that changes anything. For some reason all redirects here are insecure links, even though https is available.



Can confirm, just changed from http to https, now it doesn't say "dangerous" site next to link.

Why it showed every time, I dunno.

sorry for being a little dumb but how do i change it?
Recent Town game - 21A
Recent Mafia game - VFM73
Recent Neutral game - 17B
Royee
Easter 2020 Winner
Posts: 333
Joined: Wed Sep 30, 2015 1:11 pm
Location: UTC +3

Re: Possible data breach

Postby Flavorable » Wed Jan 02, 2019 1:31 pm

Dash2 wrote:I'm bad at wording.

A lot of users brought it up that BMG supposedly ignored these emails and such. Achilles could have given the explanation you just gave to save some confusion, but didn't


Tbf, tho... A lot of people say a lot of things. But without knowing any facts, it's always dangerous to hop on a bandwagon.
No reply to your support ticket after 15 business days? PM me with your ticket number.

You may PM me for clarifications on appeal verdicts, but keep in mind the verdict will not change.

Do you have 151+ games played and want to help rid the community of toxic players and gamethrowers? Join the Trial System today: https://www.blankmediagames.com/Trial/#start

Also, check out the Trial System Discord Server: https://discord.gg/K5SnyJS
Flavorable
Global Moderator
Posts: 9279
Joined: Thu Apr 28, 2016 3:24 am
Location: Netherlands

Re: Possible data breach

Postby ReversePolarity » Wed Jan 02, 2019 1:32 pm

PyromonkeyGG wrote:We learned it was legitimate the same time everyone else did. We did receive a phone call from a private number that didn't want to discuss anything over the phone. It seemed shady as hell and we receive strange calls all the time with people trying to scam our business.

We did not see any e-mails from him due to them going to spam.

But the last line in the dehashed thing says "They have received our emails per our original voice conversation, but are yet to respond or even acknowledge either the breach or the emails."
??????
ReversePolarity
Newbie
Posts: 4
Joined: Sun Apr 17, 2016 12:02 pm

Re: Possible data breach

Postby Varanus » Wed Jan 02, 2019 1:36 pm

You should know exactly what the answer to the road you're going down now is
It's not that hard to guess mate
You were expecting a decent signature...

BUT IT WAS ME! DIO!
Varanus
FM Lead Moderator
Posts: 698
Joined: Fri Mar 06, 2015 10:08 am
Location: Lurking

Re: Possible data breach

Postby Chemist1422 » Wed Jan 02, 2019 1:37 pm

Complaining isn’t gonna change anything or what anyone thinks

This is just a toxic blame game right now
mist ~ she/her

i guess this is goodbye?
(still here for danganronpa i guess)


stop sending reports to me i'm not a tos game moderator
Chemist1422
FM Game Moderator
Posts: 1026
Joined: Tue Mar 20, 2018 5:39 pm
Location: on the beach at dusk (CST/CDT)

Re: Possible data breach

Postby ReversePolarity » Wed Jan 02, 2019 1:37 pm

Tusillody wrote:
ReversePolarity wrote:
PyromonkeyGG wrote:We learned it was legitimate the same time everyone else did. We did receive a phone call from a private number that didn't want to discuss anything over the phone. It seemed shady as hell and we receive strange calls all the time with people trying to scam our business.

We did not see any e-mails from him due to them going to spam.

But the last line in the dehashed thing says "They have received our emails per our original voice conversation, but are yet to respond or even acknowledge either the breach or the emails."
??????



"They have received our emails per our original voice conversation" Meaning it was verified that they had indeed received the emails, and according to the developers, it had gone to the spam inbox.

"but are yet to respond or even acknowledge either the breach or the emails." Meaning they have not responded to the emails or made an announcement to the public regarding the breach or being contacted about it.


Verified that they had indeed received the emails. Yes. It being verified that the devs received the email is different than "Did not see any e-mails from him due to them going to spam." How exactly do they verify that they got something if they never saw it?
ReversePolarity
Newbie
Posts: 4
Joined: Sun Apr 17, 2016 12:02 pm

Re: Possible data breach

Postby Varanus » Wed Jan 02, 2019 1:39 pm

I'll give you a hint if you haven't figured it out
There was no actual verification that the emails were received
Just that someone said they were
You were expecting a decent signature...

BUT IT WAS ME! DIO!
Varanus
FM Lead Moderator
Posts: 698
Joined: Fri Mar 06, 2015 10:08 am
Location: Lurking

Re: Possible data breach

Postby Achilles » Wed Jan 02, 2019 1:42 pm

ReversePolarity wrote:
PyromonkeyGG wrote:We learned it was legitimate the same time everyone else did. We did receive a phone call from a private number that didn't want to discuss anything over the phone. It seemed shady as hell and we receive strange calls all the time with people trying to scam our business.

We did not see any e-mails from him due to them going to spam.

But the last line in the dehashed thing says "They have received our emails per our original voice conversation, but are yet to respond or even acknowledge either the breach or the emails."
??????


That’s a lie. There was never any acknowledgement over having seen the emails. I told pyro and shape that I got a weird phone call from a private number that said they didn’t want to discuss over the phone and that they emailed us. I messaged them on slack and we all checked the email account and saw nothing. We kept an eye on our email over the next few days and still nothing so we assumed it was a scammer messing with us in an attempt to get some kind of financial compensation.

Dehashed did ask if blankmediagamesllc@gmail.com was our email and I said yes. Guessing that’s why he’s saying “they received our emails”. He should update his website to be more accurate. We have slack timestamps proving everything happened this way.
Achilles
Developer
Posts: 1038
Joined: Sat Feb 08, 2014 5:02 pm

Re: Possible data breach

Postby S0me0ne23 » Wed Jan 02, 2019 1:44 pm

@devs do you know if RAM could have been compromised, or if it would be possible to obtain purchase information from compromised RAM?
S0me0ne23
Lookout
Posts: 83
Joined: Fri Dec 05, 2014 10:25 pm

Re: Possible data breach

Postby Varanus » Wed Jan 02, 2019 1:45 pm

You were expecting a decent signature...

BUT IT WAS ME! DIO!
Varanus
FM Lead Moderator
Posts: 698
Joined: Fri Mar 06, 2015 10:08 am
Location: Lurking

Re: Possible data breach

Postby PyromonkeyGG » Wed Jan 02, 2019 1:45 pm

S0me0ne23 wrote:@devs do you know if RAM could have been compromised, or if it would be possible to obtain purchase information from compromised RAM?


Okay so, we do not handle money. At all. The third party payment processors are the ones that handle all of that. We never see your credit card, payment information, anything like that. We just don't see it. It's impossible for us to have a data breach regarding it because we don't have access to that information.
PyromonkeyGG
Developer
Posts: 2198
Joined: Mon Feb 10, 2014 5:32 pm

Re: Possible data breach

Postby Varanus » Wed Jan 02, 2019 1:46 pm

oh no
he took it
You were expecting a decent signature...

BUT IT WAS ME! DIO!
Varanus
FM Lead Moderator
Posts: 698
Joined: Fri Mar 06, 2015 10:08 am
Location: Lurking

Re: Possible data breach

Postby Stormbird » Wed Jan 02, 2019 1:48 pm

SereninSparks wrote:There's plenty of much bigger companies out there getting security breaches with even more valuable information and even they are getting less heat than BMG is. Making a big fuss about it is just playing into the hands of the people trying to destroy this company, if we're being honest.


It's just the 8th largest data breach of 2018. No big deal, right?

Making a big fuss about it is called accountability. It's quite clear from previous responses in this thread that security has been neglected on multiple fronts, and it's quite sad for a company that has grown entrusted with 7.6M email addresses gets a wake up call like this.

TurdPile wrote:
Tusillody wrote:Edit: Just saw TurdPile's comment on GDPR time limit being 72 hours. This breach happened on December 22nd according to DeHashed and December 28th according to HaveIBeenPwned. That's a little longer than 72 hours. If you (The devs) expect anyone to believe that you had no clue about the breach until today then you're dumber than you think we are.


I, (not a dev, nor employee) do not care if you believe what I state as fact. Me doing my part to give proper information is enough to let me sleep at night; whether or not you want to believe the facts I tell you is up to you. The fact is GDPR regulations state 72 hours after awareness, not after occurrence. That is all I'm saying. Nothing more, nothing less. You can easily verify that information yourself.


That's not how GDPR works. You should have contacted the digital supervising authority of an EU member state at the very least to report the breach, as well as the users affected by the breach. Perhaps you should read some more on this.

It's implied in Dehashed that you picked up the phone on December 28:
Friday, 12/28/2018 – 12:33 PM PST – Called BlankMediaGames
Saturday, 12/29/2018 – 15:12 PM PST – Called BlankMediaGames (No Answer)

You're already off the 72 hours warning period. So I hope you have contacted the relevant authorities and have a good excuse, or you may be subject to 2% of your global turnover in fines.
Stormbird
Newbie
Posts: 3
Joined: Thu Feb 19, 2015 11:08 pm

Re: Possible data breach

Postby ReversePolarity » Wed Jan 02, 2019 1:49 pm

Achilles wrote:
ReversePolarity wrote:
PyromonkeyGG wrote:We learned it was legitimate the same time everyone else did. We did receive a phone call from a private number that didn't want to discuss anything over the phone. It seemed shady as hell and we receive strange calls all the time with people trying to scam our business.

We did not see any e-mails from him due to them going to spam.

But the last line in the dehashed thing says "They have received our emails per our original voice conversation, but are yet to respond or even acknowledge either the breach or the emails."
??????


That’s a lie. There was never any acknowledgement over having seen the emails. I told pyro and shape that I got a weird phone call from a private number that said they didn’t want to discuss over the phone and that they emailed us. I messaged them on slack and we all checked the email and saw nothing. We kept an eye on our email over the next few days and still nothing so we assumed it was a scammer messing with us in an attempt to get some kind of financial compensation.

Dehashed did ask if blankmediagamesllc@gmail.com was our email and I said yes. Guessing that’s why he’s saying “they received our emails”. He should update his website to be more accurate. We have slack timestamps proving everything happened this way.


You see, you're already contradicting yourself. First you said you DIDN'T see the emails at all because they went to spam and you weren't actively checking emails, but now you guys looked at the email and it just had nothing but you kept watching it over the next few days? That doesn't seem like not seeing an email because it went to spam to me.
ReversePolarity
Newbie
Posts: 4
Joined: Sun Apr 17, 2016 12:02 pm

Re: Possible data breach

Postby Chemist1422 » Wed Jan 02, 2019 1:57 pm

ReversePolarity wrote:
Achilles wrote:
ReversePolarity wrote:
PyromonkeyGG wrote:We learned it was legitimate the same time everyone else did. We did receive a phone call from a private number that didn't want to discuss anything over the phone. It seemed shady as hell and we receive strange calls all the time with people trying to scam our business.

We did not see any e-mails from him due to them going to spam.

But the last line in the dehashed thing says "They have received our emails per our original voice conversation, but are yet to respond or even acknowledge either the breach or the emails."
??????


That’s a lie. There was never any acknowledgement over having seen the emails. I told pyro and shape that I got a weird phone call from a private number that said they didn’t want to discuss over the phone and that they emailed us. I messaged them on slack and we all checked the email and saw nothing. We kept an eye on our email over the next few days and still nothing so we assumed it was a scammer messing with us in an attempt to get some kind of financial compensation.

Dehashed did ask if blankmediagamesllc@gmail.com was our email and I said yes. Guessing that’s why he’s saying “they received our emails”. He should update his website to be more accurate. We have slack timestamps proving everything happened this way.


You see, you're already contradicting yourself. First you said you DIDN'T see the emails at all because they went to spam and you weren't actively checking emails, but now you guys looked at the email and it just had nothing but you kept watching it over the next few days? That doesn't seem like not seeing an email because it went to spam to me.

“The email” I assume means their email account
mist ~ she/her

i guess this is goodbye?
(still here for danganronpa i guess)


stop sending reports to me i'm not a tos game moderator
Chemist1422
FM Game Moderator
Posts: 1026
Joined: Tue Mar 20, 2018 5:39 pm
Location: on the beach at dusk (CST/CDT)

Re: Possible data breach

Postby shapesifter13 » Wed Jan 02, 2019 2:02 pm

We never saw an email from dehashed. We looked at our email account, and saw nothing from them.
shapesifter13
Developer
Posts: 4681
Joined: Fri Jan 02, 2015 4:55 pm

Re: Possible data breach

Postby Achilles » Wed Jan 02, 2019 2:29 pm

ZzFifthElement2zZ wrote:It states on your discord,
"Type in your email here to see if you're affected: https://haveibeenpwned.com/",
So my question is "had only a percentage of accounts been breached?"


Dehashed says they have 7.6 million emails and we have about 8.4 million accounts so the vast majority seem to have been compromised.

I have found 3 php backdoor files on our webserver and deleted them. We suspect this was done when our forums were hacked a few weeks ago. Still investigating further.
Achilles
Developer
Posts: 1038
Joined: Sat Feb 08, 2014 5:02 pm

Re: Possible data breach

Postby MisaTange » Wed Jan 02, 2019 2:30 pm

eh i dont feel like giving an opinion either but its interesting that my alt (that has a trash/probably reused password) got breached and not this one (which has a complex password with mixed case and special characters) according to hibp
/digger harkness voice

FM Record: 2-1-0
Spoiler: NFM26 - Consort - Won (lynched d4)
CFM18 - Neasans [Citizen] - Loss (Modkilled hilariously n2)
VFM2 - Citizen - Won
MisaTange
Veteran
Posts: 420
Joined: Sun Jan 31, 2016 10:28 pm
Location: CA, USA

Re: Possible data breach

Postby ZzFifthElementzZ » Wed Jan 02, 2019 2:34 pm

Achilles wrote:
ZzFifthElement2zZ wrote:It states on your discord,
"Type in your email here to see if you're affected: https://haveibeenpwned.com/",
So my question is "had only a percentage of accounts been breached?"


Dehashed says they have 7.6 million emails and we have about 8.4 million accounts so the vast majority seem to have been compromised.

I have found 3 php backdoor files on our webserver and deleted them. We suspect this was done when our forums were hacked a few weeks ago. Still investigating further.


Ok, thanks ... sucks to not be in the 800,000 that weren't breached.
ZzFifthElementzZ
Doctor
Posts: 175
Joined: Sun Sep 04, 2016 11:15 pm
Location: apparently something named Earth

Re: Possible data breach

Postby Alicitzen » Wed Jan 02, 2019 2:37 pm

:LUL: :LUL:
Discord: Alicitzen#1312
Alicitzen
Valentines 2017
Posts: 7991
Joined: Mon Mar 10, 2014 10:56 am
Location: Chaldea

Re: Possible data breach

Postby ChubbyMooshroom9 » Wed Jan 02, 2019 2:40 pm

this is what town of salem does to your brain kids
ChubbyMooshroom9
FM Awards: Town
Posts: 1376
Joined: Wed Jun 10, 2015 2:31 pm
Location: Ethiopia

Re: Possible data breach

Postby TurdPile » Wed Jan 02, 2019 2:43 pm

Tusillody wrote:
shapesifter13 wrote:We never saw an email from dehashed. We looked at our email account, and saw nothing from them.



Really? I mean, really?


Achilles wrote:
I'm sorry that this all happened and wasn't responded to quickly enough but people were on vacation spending time with their families (and his emails went to our spam filter).


This dev team's damage control is about as good as their security.


There's two different timelines here that you guys are mixing up. When it was first mentioned, they saw no emails; ergo, they never saw the email. The emails were only seen last night after really digging for it, and it was found to be in the spam folder; I mean... how often do you check your spam folder? I check mine maybe twice a month... if that.

The timeline is this:
1. Called by a sketchy private number that wouldn't speak over voice and only via email, claiming U GOT HAXED! (man, if I had a dollar for every email that said I got hacked... I'd be rich).
2. Doesn't get an email (didn't check spam, obviously). Chalked it up to yet another scammer trying to extort money.
3. Breach is publicized.
4. Scrutinizing the email inbox, they find them tucked away in spam. (I personally confirmed that pwn and dehashed by default both went to my junk folder. I use hotmail, they use gmail).
5. Now they are aware of the legitimacy of the breach.

This is what I'm gathering the timetable to be, feel free to correct me Blake/Josh/Brandon if this is incorrect.
I have mostly rescinded my role as Admin.

All previous contact should instead be redirected to Flavorable.

If your inquiry doesn't directly have to do with Trial 2.0 or TrialBot, then please refrain from messaging.

Thank you.
TurdPile
Vampire
Posts: 8900
Joined: Tue Feb 11, 2014 10:25 am
Location: Massachusetts

Re: Possible data breach

Postby Alicitzen » Wed Jan 02, 2019 2:45 pm

TurdPile wrote:This is what I'm gathering the timetable to be,

i think anyone with a brain can piece that timetable easily.
people just wanna complain anyways
Discord: Alicitzen#1312
Alicitzen
Valentines 2017
Posts: 7991
Joined: Mon Mar 10, 2014 10:56 am
Location: Chaldea

Re: Possible data breach

Postby BrainDeadRaven378 » Wed Jan 02, 2019 2:46 pm

Will any of my info be used by the hackers? (Email, Accounts, etc) I changed my passwords and emails to websites that I use. But is my money and all that safe?
TOS name: BrainDeadRaven378
Discord name and tag: BrainDeadRaven#7460
Owns coven: Yes
Favorites: Witch. Amnesiac. Jailor. Pirate. Hypnotist.
Least favorites: Spy. Consort. Werewolf. Necromancer. Consigliere.
If you see someone named OneTownieBoi, you found me in-game, i'll be in all any coven, normal all any, and ranked practice.
BrainDeadRaven378
Witch
Posts: 52
Joined: Thu Aug 16, 2018 11:31 pm
Location: On a planet, far, far away.
