Regarding an Issue

EndenDragon · 08-10-2016, 04:42 PM,

So recently I did some googling, found a website that can check if your account has been leaked. Apparently, earlier this year - around January, MCWM db has been leaked. Would someone email/pm me so I could provide more sensitive details?

Best Regards,
EndenDragon

Nathangorr · (This post was last modified: 09-27-2016, 04:59 PM by Nathangorr.)

(08-10-2016, 04:42 PM)EndenDragon Wrote: So recently I did some googling, found a website that can check if your account has been leaked. Apparently, earlier this year - around January, MCWM db has been leaked. Would someone email/pm me so I could provide more sensitive details?

Best Regards,
EndenDragon

Note: I am unable to speak for Skeight. He may have different reasoning and explanation than I. This post is entirely based on my opinion and information that I collected.

There have been multiple instances of our forums being hacked. Neither of these cases was globally announced for reasons to avoid giving the hackers any credit for their actions and the belief that no critical information was leaked. The first hack was in late 2015, where a wannabe hacker only changed the index of the forums and impacted no other part of the site. This hack was executed by exploiting a bug within the MyBB software, meaning that nothing was leaked since our administrative panel was never accessed. Additionally, my follow-up investigation never lead to anything.

Unfortunately, I did not find the hack that you were referring to be very threatening, as the user simply gained access to our administrative panel and advertised their server. We were and still are not aware of any critical information being leaked, as it first appeared to be another wannabe hacker. Note that I cannot guarantee that this was the exact incident. See the post below.

(01-16-2016, 08:58 AM)skeight Wrote: The following private message did not come from me or anyone here. This was spoofed by someone who decided to send out all these emails.

You have received a new private message on Minecraft World Map from skeight:
------------------------------------------
Hey guys wanted to let you know about the new awesome server!
Make sure to come and join and be a part of the community!
Server IP: [REMOVED]
------------------------------------------

Sorry about that everyone - working on figuring out who did this.

I do apologize that no one was directly informed of this, but rest assured this shouldn't happen again. Since the attack, we have increased our security measures and locked our administrative panel only to be accessible under certain conditions.

Nathangorr · (This post was last modified: 09-27-2016, 05:00 PM by Nathangorr.)

(08-11-2016, 03:33 PM)Nathangorr Wrote:
(08-10-2016, 04:42 PM)EndenDragon Wrote: So recently I did some googling, found a website that can check if your account has been leaked. Apparently, earlier this year - around January, MCWM db has been leaked. Would someone email/pm me so I could provide more sensitive details?

Best Regards,
EndenDragon

Note: I am unable to speak for Skeight. He may have different reasoning and explanation than I. This post is entirely based on my opinion and information that I collected.

There have been multiple instances of our forums being hacked. Neither of these cases was globally announced for reasons to avoid giving the hackers any credit for their actions and the belief that no critical information was leaked. The first hack was in late 2015, where a wannabe hacker only changed the index of the forums and impacted no other part of the site. This hack was executed by exploiting a bug within the MyBB software, meaning that nothing was leaked since our administrative panel was never accessed. Additionally, my follow-up investigation never lead to anything.

Unfortunately, I did not find the hack that you were referring to be very threatening, as the user simply gained access to our administrative panel and advertised their server. We were and still are not aware of any critical information being leaked, as it first appeared to be another wannabe hacker. Note that I cannot guarantee that this was the exact incident. See the post below.

(01-16-2016, 08:58 AM)skeight Wrote: The following private message did not come from me or anyone here. This was spoofed by someone who decided to send out all these emails.

You have received a new private message on Minecraft World Map from skeight:
------------------------------------------
Hey guys wanted to let you know about the new awesome server!
Make sure to come and join and be a part of the community!
Server IP: [REMOVED]
------------------------------------------

Sorry about that everyone - working on figuring out who did this.

I do apologize that no one was directly informed of this, but rest assured this shouldn't happen again. Since the attack, we have increased our security measures and locked our administrative panel only to be accessible under certain conditions.

Okay, but this is what I just found out. https://www.leakedsource.com/main/?username=endendragon
Feel free to check your own email and usernames.

*skeight* · 08-11-2016, 09:28 PM,

The forum templates were compromised in December 2015 however I did not find any evidence of a copy of the database being retrieved after reviewing the server logs. The hacker did claim that he took a copy of the database but on the Internet anyone can claim anything.

Security was changed to block access to administrative tools.

I'm not sure where these sites get their information but if you PM me with any specifics you have that can confirm the data breach occurred then I will take steps to notify the effected individuals so they are aware it happened.