Updated 27/9
As many of you already know, several accounts were taken over and used maliciously on the 24th of September. We have a very clear idea as to who is responsible for this attack. I will not be giving out any names however.
One main thing to note is that our database was in no way compromised, so all information you have both in game and here on the forums is completely safe. This attack was simply gaining access to a staff member's account and then using it to edit others in order to gain control, modify information, or delete their or others' accounts.
Here is the most complete overview that I can put together.
Starting around 9:10AM CEST the individual first gained access to a former Administrator who will remain nameless. However all permissions from this account had already been revoked so nothing of value was gained.
From there the individual gained access to @Xquality's account and added an offensive rating, renamed some users, banned certain IPs, gave administrative permission to 4 users, deleted accounts (including myself), etc.
To note: @Jordan was a former senior admin, for those of you unfamiliar with him or his previous role, so we decided upon his resignation that he will maintain all his abilities but hold no formal title, which fortunately allowed him to help hinder some of the individual's "attack" despite their best efforts. So I would ask that everyone thank @Jordan for his efforts to help us during this; I officially thank him as well on behalf of us here at PH.
One individual that was granted administrative permissions was actively seen looking through sensitive areas of the forums, including but not limited to: Staff Complaints, Admin/Mod discussions, and PLPD related matters. Because of this, that member has received a community-wide ban.
One other individual looked through some other typically restricted areas of the forums, but did not act on it and instead contacted staff about it as soon as they could regarding the matter. So to them, thank you for doing the right thing, despite looking at a couple things you should not have access to. However unlike the other user, what was accessed contained no information regarding any other user.
The other two users, we are less than concerned about as they didn't do nearly as much regarding their ill-gotten power.
Around 11:30AM CEST @Fredy arrived on TS and was promptly informed of the situation and the forums were rolled back approximately 11 hours so some posts may have been lost. There were some lingering breaches that were quickly taken care of. Afterward an imgur album was created with some screenshots of the staff section and other images that should not be for the public.
Conclusion: I still would suggest everyone change their password to a password that you do not use anywhere else and make it secure. Your password would not have been stolen by this individual, but if you used your password somewhere else it may have been leaked in some other places, so they could potentially gain access using it. (You can check that on sites like haveibeenpwned.com.) Overall it is just a minor inconvenience; while unprecedented that they would go to this much effort, it hardly affects much for us since we are good about keeping backups. We do not condone anyone that attacks our server in any form or misuses any ability they should never have unless explicitly granted by senior staff members directly.
Update:
Just to give everyone a quick update. As it turns out, it was not @Xquality's account that initially was breached but rather @MoronPipllyd's. The initial attack occurred on Saturday around 6:15AM CEST. It actually started gathering information about well known users in the community. Some of this information includes your email address as well as your IP address. At no point were they able to access any information about your passwords (not even the hashed ones) or the raw database entries. As already mentioned, I strongly recommend changing your passwords if you can find it on https://www.haveibeenpwned.com, but it may be worth doing regardless.
If you are always reusing your password and it gets leaked, it only takes one search for your email to find information like this:
This is why I strongly recommend using a password manager such as KeePass, LastPass or Enpass so you can easily use an entirely different and strong password for each website. If one of your passwords does get leaked then it won't compromise your security on any other website since you only used it for that one website.
				