Official Everybody Edits Forums

Do you think I could just leave this part blank and it'd be okay? We're just going to replace the whole thing with a header image anyway, right?

You are not logged in.

#1 2019-03-21 02:11:48, last edited by Xenonetix (2019-03-21 02:21:43)

Xenonetix
Past Owner
From: Working on EEU
Joined: 2015-03-07
Posts: 893
Website

Recent Events & Accounts Restored!

Hi Everybody,

So here's the story, although we don't know that all the events that occurred were by the same individual or not, but here's what went on:

On 19th February 2019, someone (still anonymous) created in excess of 800 new EE accounts. These were not produced by registering the accounts, so the Captcha didn't matter, and email verification wouldn't have resolved the issue. The accounts were being created through exploits in Player.IO's registration systems, which meant that the hacker could effectively create accounts with whatever information they liked.

These 800+ accounts each had different IP addresses, and were consequently used to spam links in private messages, as many of you experienced during late February and early March. Every time we attempted to delete or ban one of them, a new one would almost immediately be created in its place. For example, on one day, an account was created at 9:06pm, it had been reported in-game by 9:12pm, was banned by 9:15pm, and a new account to replace it had been created by 9:18pm. It was an unending vicious circle.

We made a lot of changes in attempts to combat that, but the hacker always worked around our fixes, and eventually, the only way to stop it was to track down how the accounts had different IP addresses. I'm not going to go into details of how we eventually figured that out, but it wasn't just a regular VPN. Nevertheless, on 17th March, we banned exactly 1,130 IP addresses, which appeared to do the trick, as all the accounts went dormant, no longer used, and the spam stopped.

Due to the timeline here, we believe the same individual decided to change tactic, so they changed their activity completely. Instead of spamming people, they produced a new account with administration powers (as they were still somehow able to create accounts with any information they wanted), and renamed it "Xenonetix" after creation. Due to the nature of how the colored names work in-game, anyone named "Xenonetix" has my colored name, so this was an imposter with administration powers roaming Everybody Edits, all while I was personally asleep. Contrary to popular belief, my account itself had not actually been hacked, and the fake Xeno had a completely new account with barely anything on it.

This then led to a level of havoc that we're unsure EE has ever seen before. People were asking Mr X to give them admin, which Mr X proceeded to do, along with changing the username color of anyone they had given admin too. As staff, we were worried that things could get out of hand, so we had to shut down Everybody Edits entirely for a few hours on Sunday evening & Monday morning.

At this point, I'd like to thank this amazing community. We were really worried about what some people might have done when receiving administration powers, but for the most part, approximately 180 accounts were issued admin, and almost all of them acted very responsibly with it. Sure, most people were just having fun with it in a trying situation, and some people were scared about what was going on, but around 99% of the new administrators were not malicious with the powers they had been issued. Thank you all for that, and we're glad to see the community acted with strength during this time of weakness.

Moving on, we naturally reversed all the accounts that had been given administrator powers, and then turned the game back on again, having made some further changes to combat the problem. But sadly, the story doesn't end there, as on Monday 19th March & Tuesday 20th March, someone literally 'deleted' all the accounts that been given admin the day before. In addition, almost all staff members and Divine Patrons were also 'deleted'.

Now, as we thankfully have account information in multiple locations around the backend of Everybody Edits, and we back up regularly, being "deleted" wasn't actually the end of the world, as Mr X might have liked us to believe. When people logged on, the game asked to confirm terms and conditions and ask for a new username, but things like friends lists and crews were still completely intact. No worlds (that we're aware of) were deleted in the attacks, but people were worried they had lost them because they were no longer appearing on their account. This was purely a referencing issue, as the account was no longer associated directly to the levels by ID, but they were all still there. Anything bought on the accounts were still present, which meant no items had been lost at all. Effectively, all that had truly been lost was the username (and some minor account details).

Thankfully, LukeM had been making backups regularly, so we were able to restore all 180+ accounts back to their former glory today. I'd like to thank Luke especially for his hard work over the last few days, because the whole situation could have been a lot worse without him. I'd also like to thank Cercul1 for his work combating the 1130 IP addresses.

So that brings us to today. All the accounts have been restored to their former glory! However, they are from backups from Monday, so we have added 2 days to the login streaks of anyone that was affected, and appreciate your patience through these trying ordeals. Apologies for the inconvenience.

As for today's "attack", we've got to hold our hands up and say that one was our mistake. Whoops. Who needs hackers when we do the work for them? When restoring the accounts, we restored many of them to the state they were shortly after EE was shut down Sunday/Monday, which also meant a lot of people were still listed as Administrators, even though they were not. Naturally, this has all been rectified now, and everything should be back to normal.

Meanwhile, behind the scenes, we've taken various steps to prevent this sort of thing from happening again. All the developers now have brand new Player.IO accounts just in case a developer was somehow compromised, and I also have a new account, and have contacted Player.IO to attempt to get the game transferred to it. As such, this would block out anyone that ever had access to the game in the past. All this being said, I would like to reassure you all that your Everybody Edits login credentials were never compromised or accessed by the hacker. Nevertheless, we still recommend changing your password every few weeks.

Thank you to so many of you who supported and helped us through this endeavour. Naturally, we hope this is the end of Mr X's exploits, and we look forward to enjoying Everybody Edits as normal again from now on.

Prize for the most amusing reaction to events recently goes to Tora though:

unknown.png

~ Xenonetix ~


Xenonetix_2.png

Offline

#2 2019-03-21 02:18:05

SirJosh3917
Formerly ninjasupeatsninja
From: USA
Joined: 2015-04-05
Posts: 2,095

Re: Recent Events & Accounts Restored!

Xenonetix wrote:

someone (still anonymous)

we have agreed to call them "Mister Man" :^)

Offline

Wooted by: (2)

#3 2019-03-21 02:21:28

Joeyc
Guest

Re: Recent Events & Accounts Restored!

that 1% was hexxel

#4 2019-03-21 05:19:18

Freckleface
Member
Joined: 2015-04-02
Posts: 1,364

Re: Recent Events & Accounts Restored!

Now we wait for the backlash from demodding 180 admins.


F

Offline

#5 2019-03-21 07:49:09

peace
Member
From: admin land
Joined: 2015-08-10
Posts: 9,226

Re: Recent Events & Accounts Restored!


peace.png

thanks hg for making this much better and ty for my avatar aswell

Offline

#6 2019-03-21 11:26:59

HelpMe222
New Member
Joined: 2019-03-20
Posts: 5

Re: Recent Events & Accounts Restored!

thanks for recovering my account

Offline

Wooted by: (2)

#7 2019-03-21 12:14:39

Snowester
Member
From: Mars
Joined: 2017-05-31
Posts: 637

Re: Recent Events & Accounts Restored!

Keep up the good work. //forums.everybodyedits.com/img/smilies/tongue

Offline

Wooted by: (2)

#8 2019-03-21 14:53:45

MWstudios
Member
From: World 4-2
Joined: 2018-04-06
Posts: 1,331

Re: Recent Events & Accounts Restored!

ninjasupeatsninja wrote:
Xenonetix wrote:

someone (still anonymous)

we have agreed to call them "Mister Man" :^)

no, we should call him "some man", if not "some woman"


Time before becoming a Member - Leaderboard
1. Whirl - 9 months
2. KirbyKareem - 8 months
3. pwnzor - 2.4 months
4. MWstudios - 2 months
5. ILikeTofuuJoe - 1.5 months
giphy.gif Piskel is the best GIF maker I've seen
HG's signature for me - Anatoly's signature for me
The Mashed Potatoes Song - The longest post on EE forums - Play my Minesweeper

Offline

#9 2019-03-21 14:55:08

Joeyc
Guest

Re: Recent Events & Accounts Restored!

some man is already taken, woman it is

Wooted by:

HG

#10 2019-03-21 14:59:53, last edited by PTU (2019-03-21 15:00:46)

PTU
Formerly Pipec
From: Mailboxٴٴٴٴٴٴٴٴٴٴٴٴٴٴٴٴٴٴٴٴٴٴٴ
Joined: 2017-04-15
Posts: 862

Re: Recent Events & Accounts Restored!

MWstudios wrote:
ninjasupeatsninja wrote:
Xenonetix wrote:

someone (still anonymous)

we have agreed to call them "Mister Man" :^)

no, we should call him "some man", if not "some woman"

what about starting to call them pipec mwstudios



/s


M2my8OF.png M2my8OF.png M2my8OF.png

UUCFFj2.png UUCFFj2.png UUCFFj2.png

Offline

#11 2019-03-21 15:11:13

MWstudios
Member
From: World 4-2
Joined: 2018-04-06
Posts: 1,331

Re: Recent Events & Accounts Restored!

PTU wrote:
MWstudios wrote:
ninjasupeatsninja wrote:
Xenonetix wrote:

someone (still anonymous)

we have agreed to call them "Mister Man" :^)

no, we should call him "some man", if not "some woman"

what about starting to call them pipec mwstudios



/s

If I was him, I'd give myself a patreon membership, diamonds, and every classic block, since that's what I always wanted
but I never get those because those attacks happen in midnight


Time before becoming a Member - Leaderboard
1. Whirl - 9 months
2. KirbyKareem - 8 months
3. pwnzor - 2.4 months
4. MWstudios - 2 months
5. ILikeTofuuJoe - 1.5 months
giphy.gif Piskel is the best GIF maker I've seen
HG's signature for me - Anatoly's signature for me
The Mashed Potatoes Song - The longest post on EE forums - Play my Minesweeper

Offline

Wooted by:

#12 2019-03-21 15:21:38

Shy
Guest

Re: Recent Events & Accounts Restored!

The attack was fearful, I still wonder how you were able to stop it all.

#13 2019-03-21 15:24:21

mikelolsuperman
Member
From: North Korea
Joined: 2016-06-26
Posts: 1,683
Website

Re: Recent Events & Accounts Restored!

Shy wrote:

The attack was fearful, I still wonder how you were able to stop it all.

Maybe it was a stunt to get more attention to ee and then it got fixed.


Blue is my favourite color
BhC68b8.png

Signature made by Nebula

I also like lasagna, but not when it's blue

Offline

#14 2019-03-21 15:36:42

Snowester
Member
From: Mars
Joined: 2017-05-31
Posts: 637

Re: Recent Events & Accounts Restored!

Shy wrote:

The attack was fearful, I still wonder how you were able to stop it all.

Read carefully and slowly

Offline

#15 2019-03-21 15:38:32

peace
Member
From: admin land
Joined: 2015-08-10
Posts: 9,226

Re: Recent Events & Accounts Restored!

sad i wodidnt got admin powers i would gladly use mdo text...


peace.png

thanks hg for making this much better and ty for my avatar aswell

Offline

#16 2019-03-21 15:58:15

2b55b5g
Formerly 2B55B5G TNG
Joined: 2016-08-27
Posts: 3,000

Re: Recent Events & Accounts Restored!

Why do I think this is still not over...

Anyway, nice job to the admins for fixing this issue


she/her

also known as DevilCharlotte

search 2bisniekitastan if you wanna find my worlds on ArchivEE

pfp: https://picrew.me/image_maker/1272810

Offline

#17 2019-03-23 23:54:47

Different55
Forum Admin
Joined: 2015-02-07
Posts: 16,569

Re: Recent Events & Accounts Restored!

Head's up, seems like these issues are still ongoing.

All Inbox messages, email addresses, and IP addresses have been leaked and are public knowledge.

If PlayerIO is the source of the breach (or if they somehow have access to the client), it's possible passwords should be considered compromised. To be safe, change your password on any service that you reused your EE password on. Can't hurt.

I can't speak for the EE Staff, I only manage the forums and my only source of information is what's posted on these forums, but since we don't seem to know the full extent of this hack, it might be wise to avoid EE for a little bit. At least until we get a final word from the EE staff that this case is closed.


"Sometimes failing a leap of faith is better than inching forward"
- ShinsukeIto

Offline

#18 2019-03-24 00:29:32

Guest.
Guest

Re: Recent Events & Accounts Restored!

Different55 wrote:

Head's up, seems like these issues are still ongoing.

All Inbox messages, email addresses, and IP addresses have been leaked and are public knowledge.

If PlayerIO is the source of the breach (or if they somehow have access to the client), it's possible passwords should be considered compromised. To be safe, change your password on any service that you reused your EE password on. Can't hurt.

I can't speak for the EE Staff, I only manage the forums and my only source of information is what's posted on these forums, but since we don't seem to know the full extent of this hack, it might be wise to avoid EE for a little bit. At least until we get a final word from the EE staff that this case is closed.

ill be honest, the fact that you had to step in is pretty pathetic. i’m glad you’re at an unbiased stance and handled the situation well. i cant say the same for the staff team

#19 2019-03-24 01:58:55

Kkay
Formerly Kaydog99
From: Canda eh
Joined: 2015-08-20
Posts: 495

Re: Recent Events & Accounts Restored!

Jet wrote:
Different55 wrote:

Head's up, seems like these issues are still ongoing.

All Inbox messages, email addresses, and IP addresses have been leaked and are public knowledge.

If PlayerIO is the source of the breach (or if they somehow have access to the client), it's possible passwords should be considered compromised. To be safe, change your password on any service that you reused your EE password on. Can't hurt.

I can't speak for the EE Staff, I only manage the forums and my only source of information is what's posted on these forums, but since we don't seem to know the full extent of this hack, it might be wise to avoid EE for a little bit. At least until we get a final word from the EE staff that this case is closed.

ill be honest, the fact that you had to step in is pretty pathetic. i’m glad you’re at an unbiased stance and handled the situation well. i cant say the same for the staff team

Like every time I see your name on a post its an insult, like I **** but it honestly gives me a headache - "Pathetic", like why can't you just say "Hey good job diff for doing your **** job! Really appreciate some type of information about everything's that's been happening with all these posts on the forum you run!" Sure communication is not nearly as good as it should be, but why not just listen to the admins working on the situation instead of trying to get a special star for spitting an insult and showing up.

Offline

#20 2019-03-24 02:22:39

Guest.
Guest

Re: Recent Events & Accounts Restored!

Kkay wrote:

long

haha! i like this post attacking someone i don’t like. wooting this rn!
it’s a good thing i literally could not care less about anything against me so long as it’s from ee - i’ve tried my part but fatman refused. thanks for getting mad over the smiley game forums!

however we digress, though. the admins have literally admitted to not working on the situation and there’s still yet to be an official announcement

Wooted by:

#21 2019-03-24 02:29:43

poopdublio
Member
Joined: 2018-11-15
Posts: 48
Website

Re: Recent Events & Accounts Restored!

Jet wrote:
Kkay wrote:

long

haha! i like this post attacking someone i don’t like. wooting this rn!
it’s a good thing i literally could not care less about anything against me so long as it’s from ee - i’ve tried my part but fatman refused. thanks for getting mad over the smiley game forums!

however we digress, though. the admins have literally admitted to not working on the situation and there’s still yet to be an official announcement

you're disabled and should get off the internet

however we digress, though. this situation is pretty bad


It's :clap: Spam :clap: If :clap: The :clap: Mods :clap: Don't :clap: Like :clap: It

Offline

#22 2019-03-24 02:31:59

Spongelito
Member
From: Tennessee, USA
Joined: 2018-01-03
Posts: 38

Re: Recent Events & Accounts Restored!

And it's getting hacked again ._.


Hits that yeet all day and all night
1a8d1a0b38ed2d870651225a3daa431fa1f10b3ar1-455-528v2_128.jpg

Offline

#23 2019-03-24 02:39:08

Kkay
Formerly Kaydog99
From: Canda eh
Joined: 2015-08-20
Posts: 495

Re: Recent Events & Accounts Restored!

Jet wrote:
Kkay wrote:

long

haha! i like this post attacking someone i don’t like. wooting this rn!
it’s a good thing i literally could not care less about anything against me so long as it’s from ee - i’ve tried my part but fatman refused. thanks for getting mad over the smiley game forums!

however we digress, though. the admins have literally admitted to not working on the situation and there’s still yet to be an official announcement

"I don't care about anything you say haha!" It's like you don't even know what you're talking about so you just decide to be rude and shoot insults for no reason. "Tried my part" is even funnier because you don't have a part, let the grownups handle the situation //forums.everybodyedits.com/img/smilies/smile I love how you think you could do a better job then like every single staff member.

And I'm super sorry for getting upset on a smiley forum, I didn't realize I was talking to a smiley wiki mod

Offline

#24 2019-03-24 02:51:05

mrjawapa
Corn Man 🌽
From: Ohio, USA
Joined: 2015-02-15
Posts: 5,840
Website

Re: Recent Events & Accounts Restored!

this forum rn
n8evnhsa.png


Discord: jawp#5123

Offline

Wooted by: (5)

#25 2019-03-24 02:57:53

Different55
Forum Admin
Joined: 2015-02-07
Posts: 16,569

Re: Recent Events & Accounts Restored!

Please keep future discussion relevant to the breach. This isn't the place for any of that.


"Sometimes failing a leap of faith is better than inching forward"
- ShinsukeIto

Offline

Wooted by: (3)
2721553541719743600

Board footer

Powered by FluxBB

[ Started around 1710846186.7333 - Generated in 0.148 seconds, 10 queries executed - Memory usage: 1.93 MiB (Peak: 2.23 MiB) ]