Data Breach Update

Re: Data Breach Update

Postby Technetium » Thu Jan 03, 2019 7:42 pm

If you don't use the password you used here for anything else, the only thing whoever breached the site can get at with the information they have is your ToS account. Is that the case?

In memory of those who have been deleted.
The last poster to survive Blindside Island will win a cookie. Or perhaps 1500...
Technetium#8515 on Discord
Technetium
Godfather
Posts: 1941
Joined: Fri Dec 18, 2015 8:25 am
Location: The city, she's been dead, for years now...

Re: Data Breach Update

Postby LevinSnakesRise » Thu Jan 03, 2019 7:43 pm

Ozyrox wrote:Can't I just not change it? I don't see what they could possibly do with my information if it isn't linked to my email password. Haven't made any payments or done anything significant. I mean sure they can use my account to play a few rounds don't see what thats gonna do to me. I just don't want to change it to a more secure password since this hacking may happen again and we'd all be back to square one with my secure passwords no longer being secure. Sorry for not quite trusting the system but this is the reason why I didn't use a good password to begin with. I know that if I use a secure password it would be harder for them to figure it out but the keyword here is harder not impossible.

Oh shit boi, it's Ozy. God that's a name I haven't seen in years.
Please contact BMG with any questions regarding your account issues;
support@blankmediagames.zendesk.com

Thanks.
LevinSnakesRise
Site Admin
Posts: 16789
Joined: Thu Aug 07, 2014 9:45 pm
Location: USA

Re: Data Breach Update

Postby Ozyrox » Thu Jan 03, 2019 7:55 pm

Technetium wrote:If you don't use the password you used here for anything else, the only thing whoever breached the site can get at with the information they have is your ToS account. Is that the case?


pretty much. The password is simplistic enough to be suitable to the site without the risk of exposing my other more secure passwords. I mean I've probably used something similar before but ive discontinued using those sites and there isn't any information that can be taken from them. Feel free to play on my LOL account tho, I tried installing that some years ago and made an account with them but never got to play because of my soddy internet connection that said I had negative years left for the download to finish. I think i got banned immediately for abandoning the only game I got to play so :lol:
Ozyrox
Serial Killer
Posts: 2431
Joined: Sun Sep 21, 2014 3:00 am
Location: With the Justice League in space

Re: Data Breach Update

Postby Ozyrox » Thu Jan 03, 2019 7:57 pm

Naru2008 wrote:
Ozyrox wrote:Can't I just not change it? I don't see what they could possibly do with my information if it isn't linked to my email password. Haven't made any payments or done anything significant. I mean sure they can use my account to play a few rounds don't see what thats gonna do to me. I just don't want to change it to a more secure password since this hacking may happen again and we'd all be back to square one with my secure passwords no longer being secure. Sorry for not quite trusting the system but this is the reason why I didn't use a good password to begin with. I know that if I use a secure password it would be harder for them to figure it out but the keyword here is harder not impossible.

Oh shit boi, it's Ozy. God that's a name I haven't seen in years.


It's nice to see some familiar names around as well, life unfortunately consumed me for a while and I don't know how long i'll be around for. Hopefully this password thing doesn't cause any mishaps tho, the only actual problem I see with not changing my password is that someone could impersonate me without my knowledge and possibly say or do a few bad things
Ozyrox
Serial Killer
Posts: 2431
Joined: Sun Sep 21, 2014 3:00 am
Location: With the Justice League in space

Re: Data Breach Update

Postby PantherPage » Thu Jan 03, 2019 8:08 pm

Thank you The Blank Media Games, for alerting me to this event. It is nice to see that a game company actually cares about their customer base.
Happy New Year.
PantherPage
Newbie
Posts: 1
Joined: Thu Aug 02, 2018 10:26 pm

Re: Data Breach Update

Postby Metaphorical » Thu Jan 03, 2019 9:29 pm

I've got to be honest with you, this pretty much sums up anything I'd have to say about the breach (from another user, on steam):

This
Metaphorical
Newbie
Posts: 2
Joined: Fri Nov 28, 2014 1:00 am

Re: Data Breach Update

Postby ZoruaLuhansk » Thu Jan 03, 2019 10:06 pm

mamazavulan wrote:
Password must be between 8 and 32 characters long, must contain letters in mixed case, must contain numbers and must contain symbols.

For the record, this is really obnoxious. Was not a previous requirement, nor should this be a requirement.

This.
For me, I just get a bunch of words from Random Word Generator and put that as my password. If my password is 27 characters, I feel that needing to add symbols and numbers to my password causes more harm trying to remember where I put them than the extra security it brings.
consider this account deleted
don't try to contact me unless I have you as a discord friend
ZoruaLuhansk
Spy
Posts: 138
Joined: Fri Oct 06, 2017 2:24 pm
Location: Furry Pride

Re: Data Breach Update

Postby TurdPile » Thu Jan 03, 2019 11:47 pm

ZoruaLuhansk wrote:
mamazavulan wrote:
Password must be between 8 and 32 characters long, must contain letters in mixed case, must contain numbers and must contain symbols.

For the record, this is really obnoxious. Was not a previous requirement, nor should this be a requirement.

This.
For me, I just get a bunch of words from Random Word Generator and put that as my password. If my password is 27 characters, I feel that needing to add symbols and numbers to my password causes more harm trying to remember where I put them than the extra security it brings.


I've dropped it back down to alphanumeric, since length is more important than complexity anyway. But I don't think people would appreciate if I upped the required minimum to something like 10 or more lol.
I have mostly rescinded my role as Admin.

All previous contact should instead be redirected to Flavorable.

If your inquiry doesn't directly have to do with Trial 2.0 or TrialBot, then please refrain from messaging.

Thank you.
TurdPile
Vampire
Posts: 8900
Joined: Tue Feb 11, 2014 10:25 am
Location: Massachusetts

Re: Data Breach Update

Postby Tiny3001 » Fri Jan 04, 2019 12:50 am

And still, your forum likes linking to HTTP by default... I was about to reset my password over HTTP, even though you have HTTPS available! It's silly security decisions like this that cause breaches in the first place!
Tiny3001
Newbie
Posts: 1
Joined: Mon May 23, 2016 12:20 pm

Re: Data Breach Update

Postby GeniusWind » Fri Jan 04, 2019 12:52 am

switching to a more secure hashing algorithm is not a problem? Simply have a flag for each user that is set when the user successfully resets their password. Don't allow the user to login without resetting their password such that only inactive accounts will not have reset their passwords. eZ
Algorithm should be switched ASAP. Y u no use SHA-2?
Dislike: Passive 50 IQ low elo trash punks, eZ

Stats: Spoiler: Legacy Season: Silver ELO (hiatus after a week from season beginning; played months during prelegacy)
Season 3: ~2700 ELO [~ 52.8%]
Season 4: 3115 ELO [28.6% to 58%(max) ~ 54.5%]

----------------Subscribe to https://youtube.com/user/Vsefotonz on Youtube---Copy and paste this right now!!!
GeniusWind
Posts: 96
Joined: Wed Feb 18, 1970 1:07 pm
Location: Church

Re: Data Breach Update

Postby TurdPile » Fri Jan 04, 2019 1:31 am

GeniusWind wrote:switching to a more secure hashing algorithm is not a problem? Simply have a flag for each user that is set when the user successfully resets their password. Don't allow the user to login without resetting their password such that only inactive accounts will not have reset their passwords. eZ
Algorithm should be switched ASAP. Y u no use SHA-2?


SHA1,2 and 3 are all as trivial as md5 at this point. Anyway, I touched on this topic here: #3054055
TurdPile
Vampire
Posts: 8900
Joined: Tue Feb 11, 2014 10:25 am
Location: Massachusetts

Re: Data Breach Update

Postby Alicitzen » Fri Jan 04, 2019 2:00 am

Naru2008 wrote:
Ozyrox wrote:Can't I just not change it? I don't see what they could possibly do with my information if it isn't linked to my email password. Haven't made any payments or done anything significant. I mean sure they can use my account to play a few rounds don't see what thats gonna do to me. I just don't want to change it to a more secure password since this hacking may happen again and we'd all be back to square one with my secure passwords no longer being secure. Sorry for not quite trusting the system but this is the reason why I didn't use a good password to begin with. I know that if I use a secure password it would be harder for them to figure it out but the keyword here is harder not impossible.

Oh shit boi, it's Ozy. God that's a name I haven't seen in years.

naarruuuu your avatar isnt appearing anymore
Discord: Alicitzen#1312
Alicitzen
Valentines 2017
Posts: 7991
Joined: Mon Mar 10, 2014 10:56 am
Location: Chaldea

Re: Data Breach Update

Postby HellnoRO » Fri Jan 04, 2019 6:17 am

Stu34666 wrote:I was going to post the same as hope64 above. Salt is a random string (to be most beneficial it should be long and unique to each user) added to the plaintext input - a way of making your password even longer - it's not dependent on any hashing algorithm.

$salt = bin2hex( random_bytes(32) );
-> '91a779e1c9bfe1d074f08c2637710a1dc2ebf591cf684c34d6569feda4b13604'

md5( 'password123' ) -> 482c811da5d5b4bc6d497ffa98491e38
md5 ( 'password12391a779e1c9bfe1d074f08c2637710a1dc2ebf591cf684c34d6569feda4b13604' ) -> 981187ec7518c9634e88e9c9a6ba251f

Cracking of md5 password hashes is usually done with rainbow tables ( basically a spreadsheet of plain text passwords and their corresponding md5 hash, for that method to be useful with a salted password, the rainbow table would need a row with 'password12391a779e1c9bfe1d074f08c2637710a1dc2ebf591cf684c34d6569feda4b13604' in it ) or brute-force ( dictionary words and oft-used passwords are md5-hashed and compared to the hash in the breached list - again for that to work the word 'password12391a779e1c9bfe1d074f08c2637710a1dc2ebf591cf684c34d6569feda4b13604' would have to be one that's guessed )


re moving to a different hash - that can be done without having access to the plain-text by double-hashing e.g. bcrypt( md5( 'password123' )) -> password_hash("482c811da5d5b4bc6d497ffa98491e38", PASSWORD_BCRYPT, ['cost' => 14] ) -> $2y$14$1seSmg0kLvKVPyoXIwipt.GbBW5tgetvN08gyHak14iKGvcOhNsMe

There's a good writeup here https://www.michalspacek.com/upgrading- ... ord-hashes


going through 2 hashing algorithms whenever authenticating a user is one of the ugliest approaches i've ever seen. Also, converting 8 million passwords to bcrypt, which takes 1-2 seconds to do per password would take quite a while.
HellnoRO
Jester
Posts: 17
Joined: Wed Apr 27, 2016 3:51 am
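
Added example, not part of the thread and not the site's own code: the bcrypt(md5(...)) wrap quoted in the post above, followed by a rehash to plain bcrypt at the next successful login, so the two-hash path lasts only until each user logs in once. The `scheme` field, the function names, the sample rows and the cost value are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

const BCRYPT_OPTS = ['cost' => 12]; // assumed cost; tune it to the server's hardware

// Constructed legacy rows: unsalted MD5 hex digests, as the old table is described.
$users = [
    'alice' => ['scheme' => 'md5', 'hash' => md5('password123')],
    'bob'   => ['scheme' => 'md5', 'hash' => md5('correct horse battery staple')],
];

// Offline pass: wrap each stored MD5 digest in bcrypt. No plaintext is needed,
// and password_hash() generates a fresh random salt for every row.
function wrapLegacyHash(array $row): array
{
    if ($row['scheme'] !== 'md5') {
        return $row; // already migrated
    }
    return [
        'scheme' => 'bcrypt_md5',
        'hash'   => password_hash($row['hash'], PASSWORD_BCRYPT, BCRYPT_OPTS),
    ];
}

// Login: verify under the row's scheme; on success replace a wrapped or
// under-cost hash with plain bcrypt of the password just supplied.
function login(array &$row, string $password): bool
{
    switch ($row['scheme']) {
        case 'bcrypt_md5':
            // The hex digest is 32 ASCII characters, so it has no NUL bytes
            // (raw binary MD5 output could) and fits bcrypt's 72-byte input limit.
            $ok = password_verify(md5($password), $row['hash']);
            break;
        case 'bcrypt':
            $ok = password_verify($password, $row['hash']);
            break;
        default:
            $ok = false; // bare MD5 rows are never accepted after the offline pass
    }
    if ($ok && ($row['scheme'] !== 'bcrypt'
            || password_needs_rehash($row['hash'], PASSWORD_BCRYPT, BCRYPT_OPTS))) {
        $row = [
            'scheme' => 'bcrypt',
            'hash'   => password_hash($password, PASSWORD_BCRYPT, BCRYPT_OPTS),
        ];
    }
    return $ok;
}

$users = array_map('wrapLegacyHash', $users);

var_dump(login($users['alice'], 'wrong guess')); // failed login leaves the row untouched
var_dump(login($users['alice'], 'password123')); // correct password triggers the upgrade
var_dump($users['alice']['scheme']);             // scheme recorded for alice after upgrade
var_dump($users['bob']['scheme']);               // bob has not logged in since the wrap
```

Accounts that never log in again stay on the wrapped scheme, which still removes the bare MD5 digests from the table.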

Re: Data Breach Update

Postby Royee » Fri Jan 04, 2019 6:48 am

@devs , @ admins , @ mods.
Someone on reddit posted and admitted that he breached all of the passwords and sold it for some cash. What are you going to do about him?
Recent Town game - 21A
Recent Mafia game - VFM73
Recent Neutral game - 17B
Royee
Easter 2020 Winner
Posts: 333
Joined: Wed Sep 30, 2015 1:11 pm
Location: UTC +3

Re: Data Breach Update

Postby Ozyrox » Fri Jan 04, 2019 7:40 am

Royee wrote:@devs , @ admins , @ mods.
Someone on reddit posted and admitted that he breached all of the passwords and sold it for some cash. What are you going to do about him?

You should probably provide a link here so they know who was responsible
Ozyrox
Serial Killer
Posts: 2431
Joined: Sun Sep 21, 2014 3:00 am
Location: With the Justice League in space

Re: Data Breach Update

Postby Royee » Fri Jan 04, 2019 7:44 am

Ozyrox wrote:
Royee wrote:@devs , @ admins , @ mods.
Someone on reddit posted and admitted that he breached all of the passwords and sold it for some cash. What are you going to do about him?

You should probably provide a link here so they know who was responsible

Sure thing , i will provide a link once i come back home(on phone rn). For now the username is u/Darkstrider666
He has only 1 post so it shouldn't be hard to find it.
Royee
Easter 2020 Winner
Posts: 333
Joined: Wed Sep 30, 2015 1:11 pm
Location: UTC +3

Re: Data Breach Update

Postby slasherslayer » Fri Jan 04, 2019 7:57 am

Royee wrote:
Ozyrox wrote:
Royee wrote:@devs , @ admins , @ mods.
Someone on reddit posted and admitted that he breached all of the passwords and sold it for some cash. What are you going to do about him?

You should probably provide a link here so they know who was responsible

Sure thing , i will provide a link once i come back home(on phone rn). For now the username is u/Darkstrider666
He has only 1 post so it shouldn't be hard to find it.


Tp already replied to it, the account is a throwaway, and it's actually been tagged by the mods there, and given a unique flair. It's relevant info, but they already found it. It also can't help them at this point, all the damage is done. The only thing this does is inform the users and tarnish the dev's already failing reputation more.
Naru Is My New God.
slasherslayer
Amnesiac
Posts: 6
Joined: Wed Sep 14, 2016 2:23 pm

Re: Data Breach Update

Postby xXWeaponPrimeXx » Fri Jan 04, 2019 9:44 am

99Pineapples wrote:
xXWeaponPrimeXx wrote:Maybe I'm just horrifically incompetent but I can't find where to change my password. Can someone tell me where to click/look?
Someone please help! I've looked for probably 20-25 minutes and can't find anywhere to change my password from the string of numbers and letters the e-mail password reset gave me.


I found it after a little searching.

Click User Control Panel

Click on Profile

Last option there is Edit account settings

You'll find it in there. :)
xXWeaponPrimeXx
Benefactor
Posts: 2
Joined: Mon Oct 20, 2014 4:02 pm

Re: Data Breach Update

Postby Gorlegg » Fri Jan 04, 2019 9:51 am

So you're asking me to change my password because it has been stolen from you, and THEN you send me a clear-text password by e-mail? I see that any information I give to you is being well kept! :shock:
Gorlegg
Newbie
Posts: 2
Joined: Fri Sep 09, 2016 5:12 pm

Re: Data Breach Update

Postby Alicitzen » Fri Jan 04, 2019 11:20 am

:LUL: email about this got junk filtered and i didnt see it til people said emails were sent and i dug for it :LUL:
Alicitzen
Valentines 2017
Posts: 7991
Joined: Mon Mar 10, 2014 10:56 am
Location: Chaldea

Re: Data Breach Update

Postby Flavorable » Fri Jan 04, 2019 12:40 pm

Alicitzen wrote: :LUL: email about this got junk filtered and i didnt see it til people said emails were sent and i dug for it :LUL:


So far, from what I heard, this seems to be a hotmail issue, because hotmail auto-spamfilters it.

On gmail, I got it straight away in my inbox.
No reply to your support ticket after 15 business days? PM me with your ticket number.

You may PM me for clarifications on appeal verdicts, but keep in mind the verdict will not change.

Do you have 151+ games played and want to help rid the community of toxic players and gamethrowers? Join the Trial System today: https://www.blankmediagames.com/Trial/#start

Also, check out the Trial System Discord Server: https://discord.gg/K5SnyJS
Flavorable
Global Moderator
Posts: 9279
Joined: Thu Apr 28, 2016 3:24 am
Location: Netherlands

Re: Data Breach Update

Postby Alicitzen » Fri Jan 04, 2019 12:43 pm

Flavorable wrote:
Alicitzen wrote: :LUL: email about this got junk filtered and i didnt see it til people said emails were sent and i dug for it :LUL:


So far, from what I heard, this seems to be a hotmail issue, because hotmail auto-spamfilters it.

On gmail, I got it straight away in my inbox.

I do not use hotmail so no idea where thats comin from.
Alicitzen
Valentines 2017
Posts: 7991
Joined: Mon Mar 10, 2014 10:56 am
Location: Chaldea

Re: Data Breach Update

Postby TurdPile » Fri Jan 04, 2019 12:44 pm

Gorlegg wrote:So you're asking me to change my password because it has been stolen from you, and THEN you send me a clear-text password by e-mail? I see that any information I give to you is being well kept! :shock:


It's a randomly generated password that you should be using to login once and then reset immediately by you. It is never intended to be maintained as your permanent password.
TurdPile
Vampire
Posts: 8900
Joined: Tue Feb 11, 2014 10:25 am
Location: Massachusetts

Re: Data Breach Update

Postby Flavorable » Fri Jan 04, 2019 12:56 pm

Alicitzen wrote:
Flavorable wrote:
Alicitzen wrote: :LUL: email about this got junk filtered and i didnt see it til people said emails were sent and i dug for it :LUL:


So far, from what I heard, this seems to be a hotmail issue, because hotmail auto-spamfilters it.

On gmail, I got it straight away in my inbox.

I do not use hotmail so no idea where thats comin from.


Are you using Outlook or Msn then? (Just trying to figure out where/why e-mails get spamfiltered)
Flavorable
Global Moderator
Posts: 9279
Joined: Thu Apr 28, 2016 3:24 am
Location: Netherlands

Re: Data Breach Update

Postby Magnasword2 » Fri Jan 04, 2019 1:43 pm

I just find it completely baffling someone would want to hack TOS accounts. What are they going to do, start using active accounts as bots? Oy vey
https://www.youtube.com/user/magnasword2evo
twitch.tv/magnasword2

Youtuber,Streamer and lover of all strategy games

Names in game: Too many to count.
Magnasword2
Benefactor
Posts: 515
Joined: Wed Mar 12, 2014 4:32 pm
Location: Stockton-on-tees, UK
