Possible data breach

Announcements made here about the game and the company.

Re: Possible data breach

Postby williewest » Wed Jan 02, 2019 3:03 am

Shyyster wrote:
williewest wrote:
Shyyster wrote:So why didn't BMG hear about this data breach from an in-house source before the Reddit post was made on this topic?

In-house source? There's like, 7 of them. That's few enough that they all could've been off enjoying their holidays without really checking into their missed calls and emails too intently. I doubt there's a little IT gremlin named Steve who just dwells in the office basement over Holiday break and monitors the intake of contacts.


Customers' data possibly being breached should be a top priority issue where the Devs should have a system in place for emails/calls, even if it's 10+ missed calls from X person. At some point the excuse "It's a small team" needs to stop being a defense for BMG screwing up, this is that point.

Defense? It's not an excuse, more like "relevant and part of the fault in why these things happen." I'm not defending them and I don't intend to, I'm stating a fact: They have a small team, and this contributes towards the cons rather than the pros when issues arise.
My apologies for the lack of clarity.

Discord: William#2527

"Gems and humans, I mean... You put enough pressure on coal, it becomes a diamond. You put enough pressure on a human, he kills himself. So you see, they have a lot in common, just not that." -Chilled Chaos
"The world can't tell you who you are. You've just got to figure out who you are and be there, for better or worse." -Dave Chappelle
williewest
Escort
Posts: 70
Joined: Fri Nov 13, 2015 7:32 pm
Location: Pensacola, Florida

Re: Possible data breach

Postby orangeandblack5 » Wed Jan 02, 2019 3:06 am

Now would be a great time to switch to https for the forums too, no? Unless I'm seeing things my browser keeps flashing "WEBSITE NOT SECURE" at me in bright red every time I try to log in lol
Spoiler: Yeah this sig is really outdated.
Help support my Investigator Results List Overhaul and Town of Salem 1.5 suggestions!
Favorite Roles: Janitor, Spy
Loved Roles: Jailor, Witch, Executioner
Hated Roles: Mafioso, Amnesiac, Arsonist, Vampire
ElderSivart wrote:I'm confused as to why BMG made a UI for Pirate and not Hypnotist.

Sarah Thorpe wrote:Role Ideas is great for masochists.
orangeandblack5
Halloween 2017 Winner
Posts: 5450
Joined: Tue Mar 17, 2015 9:24 pm
Location: University of Michigan

Re: Possible data breach

Postby Achilles » Wed Jan 02, 2019 3:07 am

orangeandblack5 wrote:Now would be a great time to switch to https for the forums too, no? Unless I'm seeing things my browser keeps flashing "WEBSITE NOT SECURE" at me in bright red every time I try to log in lol


I'm on https right now
Achilles
Developer
Posts: 913
Joined: Sat Feb 08, 2014 5:02 pm

Re: Possible data breach

Postby Dash2 » Wed Jan 02, 2019 3:08 am

Can we not have shit happen on the forums for 5 minutes anymore
Spoiler: Never forget, spiritofspirits
Dash2
[Forum Mafia X] Winner
Posts: 3366
Joined: Wed Oct 21, 2015 4:05 pm
Location: A discord versiom of TRASH

Re: Possible data breach

Postby Technetium » Wed Jan 02, 2019 3:09 am

I'm on https and it says something about "website not fully secure, attackers can see and modify images" in a notice in the taskbar (Chrome browser)
Technetium
Serial Killer
Posts: 2078
Joined: Fri Dec 18, 2015 8:25 am
Location: Swatting time flies

Re: Possible data breach

Postby Nopingout » Wed Jan 02, 2019 3:09 am

Achilles wrote:
orangeandblack5 wrote:Now would be a great time to switch to https for the forums too, no? Unless I'm seeing things my browser keeps flashing "WEBSITE NOT SECURE" at me in bright red every time I try to log in lol


I'm on https right now

:BlueThink:

just you?
Nopingout
Investigator
Posts: 272
Joined: Thu Apr 27, 2017 2:45 am
Location: On the forums probably (UTC+10)

Re: Possible data breach

Postby kristian818 » Wed Jan 02, 2019 3:12 am

orangeandblack5 wrote:Now would be a great time to switch to https for the forums too, no? Unless I'm seeing things my browser keeps flashing "WEBSITE NOT SECURE" at me in bright red every time I try to log in lol


The forums currently allow both http and https connections. I don't know why they don't just redirect http to https.
kristian818
Jester
Posts: 13
Joined: Thu May 12, 2016 4:22 am

Re: Possible data breach

Postby williewest » Wed Jan 02, 2019 3:15 am

orangeandblack5 wrote:Now would be a great time to switch to https for the forums too, no? Unless I'm seeing things my browser keeps flashing "WEBSITE NOT SECURE" at me in bright red every time I try to log in lol

I can help with this. From what I've just tested, going into your bookmarks and editing the BMG ones to contain https:// at the beginning, and also adding it to the url of the page you're currently on in the url bar does seem to make it default to https instead of http.
Alternatively, if your browser does not do this as a function or it reverts back to http, there's a handy extension for Chrome, Firefox and Opera called Redirector by Einar Egilsson that can be used to make sure it redirects to https every time a BMG site is entered.

Edit: Better alternative- "HTTPS Everywhere" (Thank kristian818 a couple posts down)
Last edited by williewest on Wed Jan 02, 2019 3:22 am, edited 1 time in total.
williewest
Escort
Posts: 70
Joined: Fri Nov 13, 2015 7:32 pm
Location: Pensacola, Florida

Re: Possible data breach

Postby Nopingout » Wed Jan 02, 2019 3:16 am

williewest wrote:
orangeandblack5 wrote:Now would be a great time to switch to https for the forums too, no? Unless I'm seeing things my browser keeps flashing "WEBSITE NOT SECURE" at me in bright red every time I try to log in lol

I can help with this. From what I've just tested, going into your bookmarks and editing the BMG ones to contain https:// at the beginning, and also adding it to the url of the page you're currently on in the url bar does seem to make it default to https instead of http.
Alternatively, if your browser does not do this as a function or it reverts back to http, there's a handy extension for Chrome, Firefox and Opera called Redirector by Einar Egilsson that can be used to make sure it redirects to https every time a BMG site is entered.

nice thanks
Nopingout
Investigator
Posts: 272
Joined: Thu Apr 27, 2017 2:45 am
Location: On the forums probably (UTC+10)

Re: Possible data breach

Postby kristian818 » Wed Jan 02, 2019 3:19 am

williewest wrote:There's a handy extension for Chrome, Firefox and Opera called Redirector by Einar Egilsson that can be used to make sure it redirects to https every time a BMG site is entered.


Personally I would recommend HTTPS Everywhere as an extension instead. It is open source and supported by EFF and Tor.
kristian818
Jester
Posts: 13
Joined: Thu May 12, 2016 4:22 am

Re: Possible data breach

Postby yauaustin202 » Wed Jan 02, 2019 3:20 am

Shouldn't this be pinned to the announcements of every forum? Not everyone checks announcements. Say forum games and FM users.
Would probably bring more awareness to the situation.
yauaustin202
Christmas 2016 Winner
Posts: 194
Joined: Sun Apr 19, 2015 8:29 am
Location: A calm, blissful tunnel in the middle of hell (GMT+7)

Re: Possible data breach

Postby williewest » Wed Jan 02, 2019 3:21 am

kristian818 wrote:
williewest wrote:There's a handy extension for Chrome, Firefox and Opera called Redirector by Einar Egilsson that can be used to make sure it redirects to https every time a BMG site is entered.


Personally I would recommend HTTPS Everywhere as an extension instead. It is open source and supported by EFF and Tor.

I like this guy. Go with him instead.
williewest
Escort
Posts: 70
Joined: Fri Nov 13, 2015 7:32 pm
Location: Pensacola, Florida

Re: Possible data breach

Postby Technetium » Wed Jan 02, 2019 3:24 am

yauaustin202 wrote:Shouldn't this be pinned to the announcements of every forum? Not everyone checks announcements. Say forum games and FM users.
Would probably bring more awareness to the situation.

Really, should go further than that in getting people to know of this.
Technetium
Serial Killer
Posts: 2078
Joined: Fri Dec 18, 2015 8:25 am
Location: Swatting time flies

Re: Possible data breach

Postby Dash2 » Wed Jan 02, 2019 3:37 am

Reading the OP again, did you guys seriously just all go on vacation with no monitoring of the site at all???
Dash2
[Forum Mafia X] Winner
Posts: 3366
Joined: Wed Oct 21, 2015 4:05 pm
Location: A discord versiom of TRASH

Re: Possible data breach

Postby Michael007800 » Wed Jan 02, 2019 3:45 am

Technetium wrote:
yauaustin202 wrote:Shouldn't this be pinned to the announcements of every forum? Not everyone checks announcements. Say forum games and FM users.
Would probably bring more awareness to the situation.

Really, should go further than that in getting people to know of this.

I've just heard of this for the first time via the HaveIBeenPwned email alert. More info on the hack can be found on this website which alerted the breach.
https://blog.dehashed.com/town-of-salem ... es-hacked/

EDIT: Service name is HaveIBeenPwned, not You'veBeenPwned. I do recommend an account with them, it's useful for tracking hacks on 99% of online websites.
https://haveibeenpwned.com/

Hope that things get patched up quickly, I have enjoyed a good game of ToS since the Kickstarters!
Better Mobile Forums? Support this!
viewtopic.php?f=14&t=9966


Don't click me!

Michael007800
Sponsor
Posts: 105
Joined: Fri Apr 25, 2014 11:56 pm
Location: England

Re: Possible data breach

Postby Deagler » Wed Jan 02, 2019 3:47 am

Dash2 wrote:Reading the OP again, did you guys seriously just all go on vacation with no monitoring of the site at all???


Relax, they did monitor. Dehashed's emails were going to spam. How often do you check your spam emails?

Also it's like a 5 person indie company, chill out -- they were on holiday... Indie devs of all people deserve a break every now and then...
Deagler
Newbie
Posts: 4
Joined: Thu Dec 04, 2014 11:00 pm

Re: Possible data breach

Postby kristian818 » Wed Jan 02, 2019 4:09 am

Deagler wrote:
Dash2 wrote:Reading the OP again, did you guys seriously just all go on vacation with no monitoring of the site at all???


Relax, they did monitor. Dehashed's emails were going to spam. How often do you check your spam emails?

Also it's like a 5 person indie company, chill out -- they were on holiday... Indie devs of all people deserve a break every now and then...



They said they made a successful call: Friday, 12/28/2018 – 12:33 PM PST – Called BlankMediaGames

Sooooo
kristian818
Jester
Posts: 13
Joined: Thu May 12, 2016 4:22 am

Re: Possible data breach

Postby Dash2 » Wed Jan 02, 2019 4:10 am

Deagler wrote:
Dash2 wrote:Reading the OP again, did you guys seriously just all go on vacation with no monitoring of the site at all???


Relax, they did monitor. Dehashed's emails were going to spam. How often do you check your spam emails?

Also it's like a 5 person indie company, chill out -- they were on holiday... Indie devs of all people deserve a break every now and then...

Hahaha let's take a holiday break after recent brute force attacks. Spammers take holidays right?
Dash2
[Forum Mafia X] Winner
Posts: 3366
Joined: Wed Oct 21, 2015 4:05 pm
Location: A discord versiom of TRASH

Re: Possible data breach

Postby Dash2 » Wed Jan 02, 2019 4:11 am

Seriously don't bother speaking in for them if you don't know what you're talking about
Dash2
[Forum Mafia X] Winner
Posts: 3366
Joined: Wed Oct 21, 2015 4:05 pm
Location: A discord versiom of TRASH

Re: Possible data breach

Postby Sting » Wed Jan 02, 2019 4:13 am

I'd ignore my phone over Christmas too, especially if it's a number I don't recognise. Might be negligence on BMG's part but that's not really important at this stage

Not the time to really point fingers and witch hunt until we know the full details in my opinion. Right now everybody associated with the game is in the same boat. Just cooperate until more news is broken then have your say. I'm sure they're all losing sleep tonight over this.
Sting
Medium
Posts: 152
Joined: Tue Aug 05, 2014 2:38 am
Location: Eire

Re: Possible data breach

Postby lemonader666 » Wed Jan 02, 2019 4:36 am

PotheadPrincess wrote:Could you perhaps update your password security? 6 characters is easy for hackers to bypass. Update it to 8 characters or more, with special characters and numbers

Symbols? Seriously? Jfc
lemonader666
[Forum Mafia XVI] Winner
Posts: 1509
Joined: Tue Nov 08, 2016 9:24 pm
Location: there was something here

Re: Possible data breach

Postby yauaustin202 » Wed Jan 02, 2019 4:45 am

lemonader666 wrote:
PotheadPrincess wrote:Could you perhaps update your password security? 6 characters is easy for hackers to bypass. Update it to 8 characters or more, with special characters and numbers

Symbols? Seriously? Jfc

It's the user's choice on how responsible the user wanna be on their password security, that responsibility should be held by the user not the company. The company just needs to keep the passwords secure and not have them leaked.
Some of us don't feel like making our password s5N=S7J&MrMX?JEy and that should be okay. If my password is unhackablepassword123, and I get hacked, I deserve that.
yauaustin202
Christmas 2016 Winner
Posts: 194
Joined: Sun Apr 19, 2015 8:29 am
Location: A calm, blissful tunnel in the middle of hell (GMT+7)

Re: Possible data breach

Postby Achilles » Wed Jan 02, 2019 4:45 am

We’re seeing some reports that weak passwords can be cracked through the md5 hash. If your ToS password is shared with any other accounts you should change those passwords to be safe.
Achilles
Developer
Posts: 913
Joined: Sat Feb 08, 2014 5:02 pm

Re: Possible data breach

Postby Dash2 » Wed Jan 02, 2019 4:48 am

First mistake was MD5
Dash2
[Forum Mafia X] Winner
Posts: 3366
Joined: Wed Oct 21, 2015 4:05 pm
Location: A discord versiom of TRASH

Re: Possible data breach

Postby Technetium » Wed Jan 02, 2019 4:49 am

Wikipedia article on MD5 hash wrote:The weaknesses of MD5 have been exploited in the field, most infamously by the Flame malware in 2012. The CMU Software Engineering Institute considers MD5 essentially "cryptographically broken and unsuitable for further use".


So...if the hashing isn't doing its job...why is that hashing method in use?
Technetium
Serial Killer
Posts: 2078
Joined: Fri Dec 18, 2015 8:25 am
Location: Swatting time flies
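
On the MD5 concern raised in the last few posts, the following is an added example (not BMG's or phpBB's code) of moving a password store off fast MD5 digests: existing digests are wrapped in salted PBKDF2 without needing the passwords, then replaced outright on the next successful login. It assumes the legacy store holds plain unsalted MD5 hex digests; the function names, record layout and iteration count are hypothetical.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed work factor for this example; tune upward for production

def legacy_md5(password: str) -> str:
    """Legacy scheme (assumed): a single fast, unsalted MD5 pass."""
    return hashlib.md5(password.encode()).hexdigest()

def _pbkdf2(secret: bytes, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret, salt, ITERATIONS)

def wrap_legacy(md5_hex: str) -> dict:
    """Offline migration step: wrap a stored MD5 digest in salted PBKDF2
    so no bare MD5 value remains in the database."""
    salt = os.urandom(16)
    return {"scheme": "pbkdf2(md5)", "salt": salt,
            "hash": _pbkdf2(md5_hex.encode(), salt)}

def new_record(password: str) -> dict:
    """Target scheme: salted PBKDF2 over the password itself."""
    salt = os.urandom(16)
    return {"scheme": "pbkdf2", "salt": salt,
            "hash": _pbkdf2(password.encode(), salt)}

def verify_and_upgrade(password: str, rec: dict):
    """Return (ok, record). A successful login against a wrapped legacy
    record is re-hashed from the password, dropping MD5 entirely."""
    if rec["scheme"] == "pbkdf2(md5)":
        candidate = _pbkdf2(legacy_md5(password).encode(), rec["salt"])
    else:
        candidate = _pbkdf2(password.encode(), rec["salt"])
    if not hmac.compare_digest(candidate, rec["hash"]):
        return False, rec            # wrong password: record untouched
    if rec["scheme"] != "pbkdf2":
        rec = new_record(password)   # upgrade on login
    return True, rec

if __name__ == "__main__":
    # Constructed sample: two accounts sharing the password quoted in the thread.
    pw = "unhackablepassword123"
    print("unsalted MD5 digests identical:", legacy_md5(pw) == legacy_md5(pw))
    a, b = wrap_legacy(legacy_md5(pw)), wrap_legacy(legacy_md5(pw))
    print("wrapped records identical:", a["hash"] == b["hash"])
    ok, upgraded = verify_and_upgrade(pw, a)
    print("login ok:", ok, "scheme now:", upgraded["scheme"])
```
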
