Data Breach Update

Announcements made here about the game and the company.

Re: Data Breach Update

Postby shapesifter13 » Fri Jan 04, 2019 1:51 pm

The reason to hack our site is not really to hack our site. It is to get people's usernames and passwords that they might have reused for other sites, such as PayPal.
shapesifter13
Developer
Posts: 4681
Joined: Fri Jan 02, 2015 4:55 pm

Re: Data Breach Update

Postby Flavorable » Fri Jan 04, 2019 1:53 pm

shapesifter13 wrote: The reason to hack our site is not really to hack our site. It is to get people's usernames and passwords that they might have reused for other sites, such as PayPal.


And quite possibly to sell the data. That's generally the intent of most hackers. To get money the sleazy way by duping companies and their unsuspecting customers. Why work for your money when you can just steal instead?
No reply to your support ticket after 15 business days? PM me with your ticket number.

You may PM me for clarifications on appeal verdicts, but keep in mind the verdict will not change.

Do you have 151+ games played and want to help rid the community of toxic players and gamethrowers? Join the Trial System today: https://www.blankmediagames.com/Trial/#start

Also, check out the Trial System Discord Server: https://discord.gg/K5SnyJS
Flavorable
Global Moderator
Posts: 9279
Joined: Thu Apr 28, 2016 3:24 am
Location: Netherlands

Re: Data Breach Update

Postby YFYDB » Fri Jan 04, 2019 1:54 pm

Officially I am giving up reading all posts, so.
Are we still threatened? Or is it over?
My avatar is a random picture found in the internet.
YFYDB
Witch
Posts: 41
Joined: Thu Aug 03, 2017 9:08 am

Re: Data Breach Update

Postby TurnaboutTeddy » Fri Jan 04, 2019 1:55 pm

Flavorable wrote:
Alicitzen wrote:
Flavorable wrote:
Alicitzen wrote: :LUL: email about this got junk filtered and I didn't see it til people said emails were sent and I dug for it :LUL:


So far, from what I heard, this seems to be a hotmail issue, because hotmail auto-spamfilters it.

On gmail, I got it straight away in my inbox.

I do not use hotmail so no idea where that's comin' from.


Are you using Outlook or Msn then? (Just trying to figure out where/why e-mails get spamfiltered)

Using AOL and it got filtered.
CaO :3

Favorite roles: Coven Leader, Coven Leader, Witch, Coven Leader, Coven Leader, and also Coven Leader!
Least favorite roles: All that other stuff. But screw Amnesiac in particular.
TurnaboutTeddy
Witch
Posts: 40
Joined: Sat Mar 14, 2015 9:54 pm

Re: Data Breach Update

Postby YFYDB » Fri Jan 04, 2019 3:02 pm

I'm devastated, that dude, who knows millions of times more than me about IT stuff, has the same password for everything...
YFYDB
Witch
Posts: 41
Joined: Thu Aug 03, 2017 9:08 am

Re: Data Breach Update

Postby Gorlegg » Fri Jan 04, 2019 3:22 pm

TurdPile wrote: It's a randomly generated password that you should be using to login once and then reset immediately by you. It is never intended to be maintained as your permanent password.


I understand that priorities lie on other things at the moment. Still I hope we can agree that this is bad practice and that it needs to be changed!
Gorlegg
Newbie
Posts: 2
Joined: Fri Sep 09, 2016 5:12 pm

Re: Data Breach Update

Postby Meganloves » Fri Jan 04, 2019 4:02 pm

binbash3r wrote:
ElderSivart wrote:
binbash3r wrote: The more important question for me is:

Is there a way to remove my forum account, and if so, how do I start that process? I do not plan on using the forums at any point apart from making this post. As far as I can tell, I've not used it before. I would rather remove my account entirely if there's a data breach on a forum that I never use, so that it does not happen again. I value my personal information and see this as a good reason to go ahead and cut ties, regardless if that data has already been breached or not. There are things that I can do to keep this from happening, like using fake emails or removing the account entirely - the second being the most optimal option in my case.

The forum account is the same account as your game account, with everything connected.
So no, you cannot delete just the forum-side without being unable to play the game.


I don't actually own the game. I played it once or twice with friends through the old free browser version.

I'll ask again, since it didn't get answered the first time around:
Is there a way to remove my account permanently from the forums and if so, how do I start the process?


not at this point in time
Meganloves
Retributionist
Posts: 349
Joined: Thu Oct 13, 2016 4:32 pm
Location: House #13 in Salem

Re: Data Breach Update

Postby TurdPile » Fri Jan 04, 2019 4:52 pm

Meganloves wrote:
binbash3r wrote:
ElderSivart wrote:
binbash3r wrote: The more important question for me is:

Is there a way to remove my forum account, and if so, how do I start that process? I do not plan on using the forums at any point apart from making this post. As far as I can tell, I've not used it before. I would rather remove my account entirely if there's a data breach on a forum that I never use, so that it does not happen again. I value my personal information and see this as a good reason to go ahead and cut ties, regardless if that data has already been breached or not. There are things that I can do to keep this from happening, like using fake emails or removing the account entirely - the second being the most optimal option in my case.

The forum account is the same account as your game account, with everything connected.
So no, you cannot delete just the forum-side without being unable to play the game.


I don't actually own the game. I played it once or twice with friends through the old free browser version.

I'll ask again, since it didn't get answered the first time around:
Is there a way to remove my account permanently from the forums and if so, how do I start the process?


not at this point in time


viewtopic.php?f=38&t=38940
I have mostly rescinded my role as Admin.

All previous contact should instead be redirected to Flavorable.

If your inquiry doesn't directly have to do with Trial 2.0 or TrialBot, then please refrain from messaging.

Thank you.
TurdPile
Vampire
Posts: 8900
Joined: Tue Feb 11, 2014 10:25 am
Location: Massachusetts

Re: Data Breach Update

Postby TurdPile » Fri Jan 04, 2019 4:58 pm

Gorlegg wrote:
TurdPile wrote: It's a randomly generated password that you should be using to login once and then reset immediately by you. It is never intended to be maintained as your permanent password.


I understand that priorities lie on other things at the moment. Still I hope we can agree that this is bad practice and that it needs to be changed!


BMG uses SSL while sending emails. The password is hashed on the fly, saved in the DB, and emailed right to you - there's no logging of any sort there. Which means there's a higher chance of someone learning that password simply by looking over your shoulder, than it would be even if the backdoor to BMG servers were still in place. But yes, cleartext password submitted anywhere is generally bad practice.
TurdPile
Vampire
Posts: 8900
Joined: Tue Feb 11, 2014 10:25 am
Location: Massachusetts
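
The alternative to the emailed temporary password debated in the two posts above, as an added example that is not part of the thread and is not BMG's or phpBB's code: the server emails a single-use, expiring reset token and stores only its hash, so the mailed secret can never become a standing password. `ResetTokenStore`, its in-memory table and the 15-minute lifetime are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60  # assumed lifetime for the example


class ResetTokenStore:
    """In-memory stand-in for a reset-token table (hypothetical schema)."""

    def __init__(self, clock=time.time):
        self._rows = {}  # user_id -> (sha256 hex of token, expiry timestamp)
        self._clock = clock

    def issue(self, user_id):
        """Create a token to email to the user; only its hash is stored."""
        token = secrets.token_urlsafe(32)  # 32 random bytes from the OS CSPRNG
        # A fast hash is adequate here because the token is high-entropy,
        # unlike a user-chosen password, which needs a slow password hash.
        digest = hashlib.sha256(token.encode()).hexdigest()
        self._rows[user_id] = (digest, self._clock() + TOKEN_TTL_SECONDS)
        return token

    def redeem(self, user_id, token):
        """Return True once for a valid, unexpired token, then never again."""
        row = self._rows.get(user_id)
        if row is None:
            return False
        digest, expires_at = row
        if self._clock() > expires_at:
            del self._rows[user_id]  # expired tokens are purged
            return False
        candidate = hashlib.sha256(token.encode()).hexdigest()
        if not hmac.compare_digest(candidate, digest):
            return False
        del self._rows[user_id]  # single use: a replayed email link fails
        return True


if __name__ == "__main__":
    store = ResetTokenStore()
    emailed = store.issue("alice")
    print(store.redeem("alice", emailed), store.redeem("alice", emailed))
```

A wrong guess does not consume the stored token, so a third party cannot cancel a pending reset by submitting junk; rate limiting of attempts is left out of the example.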

Re: Data Breach Update

Postby Meganloves » Fri Jan 04, 2019 5:06 pm

Meganloves wrote:
binbash3r wrote:
ElderSivart wrote:
binbash3r wrote: The more important question for me is:

Is there a way to remove my forum account, and if so, how do I start that process? I do not plan on using the forums at any point apart from making this post. As far as I can tell, I've not used it before. I would rather remove my account entirely if there's a data breach on a forum that I never use, so that it does not happen again. I value my personal information and see this as a good reason to go ahead and cut ties, regardless if that data has already been breached or not. There are things that I can do to keep this from happening, like using fake emails or removing the account entirely - the second being the most optimal option in my case.

The forum account is the same account as your game account, with everything connected.
So no, you cannot delete just the forum-side without being unable to play the game.


I don't actually own the game. I played it once or twice with friends through the old free browser version.

I'll ask again, since it didn't get answered the first time around:
Is there a way to remove my account permanently from the forums and if so, how do I start the process?


cough.

Try this :BlobSweat:

viewtopic.php?f=38&t=38940
Meganloves
Retributionist
Posts: 349
Joined: Thu Oct 13, 2016 4:32 pm
Location: House #13 in Salem

Re: Data Breach Update

Postby Alicitzen » Fri Jan 04, 2019 5:12 pm

Flavorable wrote:
Alicitzen wrote:
Flavorable wrote:
Alicitzen wrote: :LUL: email about this got junk filtered and I didn't see it til people said emails were sent and I dug for it :LUL:


So far, from what I heard, this seems to be a hotmail issue, because hotmail auto-spamfilters it.

On gmail, I got it straight away in my inbox.

I do not use hotmail so no idea where that's comin' from.


Are you using Outlook or Msn then? (Just trying to figure out where/why e-mails get spamfiltered)

I use outlook
Discord: Alicitzen#1312
Alicitzen
Valentines 2017
Posts: 7991
Joined: Mon Mar 10, 2014 10:56 am
Location: Chaldea

Re: Data Breach Update

Postby Metaphorical » Fri Jan 04, 2019 10:17 pm

This is no surprise with the lack of security features on their sites.

Months of bot spam in games.
No SSL encryption on the website.
Their forum phpBB version is five years old and with very basic MD5 hashing.
The custom captchas they had before it was eventually changed.
Multiple instances of devs doxing players.
The forums don't even use HTTPS which violates Act 32 of the GDPR.

The data breach happened on the 28th of December and we were only notified today, 5 days after it happened and about 48 hours too late for the GDPR.
It's almost unreal that the devs only found out about such a massive breach on the 1st of January.

This isn't acceptable from BlankMediaGames at all...
Metaphorical
Newbie
Posts: 2
Joined: Fri Nov 28, 2014 1:00 am

Re: Data Breach Update

Postby Villagerlover » Sat Jan 05, 2019 9:52 am

Metaphorical wrote: This is no surprise with the lack of security features on their sites.

Months of bot spam in games.
No SSL encryption on the website.
Their forum phpBB version is five years old and with very basic MD5 hashing.
The custom captchas they had before it was eventually changed.
Multiple instances of devs doxing players.
The forums don't even use HTTPS which violates Act 32 of the GDPR.

The data breach happened on the 28th of December and we were only notified today, 5 days after it happened and about 48 hours too late for the GDPR.
It's almost unreal that the devs only found out about such a massive breach on the 1st of January.

This isn't acceptable from BlankMediaGames at all...


To be perfectly honest, this isn't much of a surprise considering their reputation. It hasn't exactly been going so well.
Wanna say somethin'? >B3
PM
Villagerlover
Consigliere
Posts: 1293
Joined: Wed Jun 03, 2015 3:59 pm
Location: Hang on I need to ask Google Maps

Re: Data Breach Update

Postby Flavorable » Sat Jan 05, 2019 6:30 pm

Metaphorical wrote: This is no surprise with the lack of security features on their sites.

Months of bot spam in games.
No SSL encryption on the website.
Their forum phpBB version is five years old and with very basic MD5 hashing.
The custom captchas they had before it was eventually changed.
Multiple instances of devs doxing players.
The forums don't even use HTTPS which violates Act 32 of the GDPR.

The data breach happened on the 28th of December and we were only notified today, 5 days after it happened and about 48 hours too late for the GDPR.
It's almost unreal that the devs only found out about such a massive breach on the 1st of January.

This isn't acceptable from BlankMediaGames at all...


The forums were available in HTTPS, always have been. Also, I cannot find anywhere stated in the GDPR that websites are obligated to automatically refer to HTTPS. If that were the case then basically 90% of all webpages should be taken down.
Also, the GDPR states after they are aware of a data breach they have to reach out within 72 hours. Not after a breach happens.

Also, when did Devs actually dox players?

And last but not least: How is it the fault of BMG that a couple of trolls who couldn't have their way decided to make bots just to ruin everyone else's game?
Flavorable
Global Moderator
Posts: 9279
Joined: Thu Apr 28, 2016 3:24 am
Location: Netherlands

Re: Data Breach Update

Postby TurdPile » Sun Jan 06, 2019 5:56 pm

Flavorable wrote:
Metaphorical wrote: This is no surprise with the lack of security features on their sites.

Months of bot spam in games.
No SSL encryption on the website.
Their forum phpBB version is five years old and with very basic MD5 hashing.
The custom captchas they had before it was eventually changed.
Multiple instances of devs doxing players.
The forums don't even use HTTPS which violates Act 32 of the GDPR.

The data breach happened on the 28th of December and we were only notified today, 5 days after it happened and about 48 hours too late for the GDPR.
It's almost unreal that the devs only found out about such a massive breach on the 1st of January.

This isn't acceptable from BlankMediaGames at all...


The forums were available in HTTPS, always have been. Also, I cannot find anywhere stated in the GDPR that websites are obligated to automatically refer to HTTPS. If that were the case then basically 90% of all webpages should be taken down.
Also, the GDPR states after they are aware of a data breach they have to reach out within 72 hours. Not after a breach happens.

Also, when did Devs actually dox players?

And last but not least: How is it the fault of BMG that a couple of trolls who couldn't have their way decided to make bots just to ruin everyone else's game?


Yes it's been around, but it wasn't forced.

And to Reddit standards, saying someone's first name on the internet = doxxing lol.

TurdPile
Vampire
Posts: 8900
Joined: Tue Feb 11, 2014 10:25 am
Location: Massachusetts

Re: Data Breach Update

Postby punjian » Mon Jan 07, 2019 7:48 am

Magnasword2 wrote: I just find it completely baffling someone would want to hack TOS accounts. What are they going to do, start using active accounts as bots? Oy vey


Now that we all know how much they cared for security, I would've chosen their game to hack as well lmao. We had a guy in the subreddit saying TOS was hacked on the 28th; he's a normal basic user, no hacker, dev or anything else. No one cared 'cause no one believed it, but it is really concerning how many other people knew about it before BMG noticed it or even started acting.
Tucker the
punjian
Survivor
Posts: 36
Joined: Thu Nov 10, 2016 8:51 am
