Breach Attempt - Quickly Caught & Handled

Discuss the newest strategies involving the game in a professional manner and spread your knowledge

Breach Attempt - Quickly Caught & Handled

Postby Achilles » Tue Jan 07, 2020 4:50 am

At 12:48AM CST suspicious forum activity was reported to us and we quickly looked into it. After confirming that my account had been logged into we locked the account and began researching how this happened which will be disclosed below.

No user data was compromised. No passwords need to be reset. Only my account and 9 developer test accounts that are also mine were compromised and have been fixed.

What happened?
A Trial script was used to lookup data on the first 10 accounts in our user table. These 10 accounts were my account and 9 other developer test accounts owned by me. Part of this data contained the password reset verification string which was used to reset my password without email access. With the account they used another Trial script to grant some Town Points and change the games played on a few accounts, which we are already fixing. This was the extent of the damage. We have 2 Factor Authentication on the Admin Panel so they were not able to use the account to do much. We quickly reacted and stopped the threat.

The attempted hackers want to pretend this was a bigger deal than it was. They are showing a screenshot of an account with many Town Points and want to scare the community since they enjoy trolling but the damage was minor and already fixed. If any new information becomes available to us we will publicly disclose it as soon as possible.

I am proud of the BMG teams timely response to the situation at this late time of night, our ability to discover and neutralize the threat before any damage could be done and our preemptive measures done long ago which stopped this attempt early in its tracks.

Special thank you to Naru2008 for quickly notifying us of the suspicious activity.
User avatar
Achilles
Developer
Developer
 
Posts: 917
Joined: Sat Feb 08, 2014 5:02 pm

Return to Strategic Discussion

Who is online

Users browsing this forum: No registered users and 0 guests