Do you think I could just leave this part blank and it'd be okay? We're just going to replace the whole thing with a header image anyway, right?
You are not logged in.
Player.IO does infact hash passwords, and it does convert to lowercase prior to hashing, which rules out any ridiculous compromise of Player.IO
It explains why logging in to ee is case insensitive, but even so the leaked passwords were all case sensitive
Offline
good thing i'm not in there
Offline
maby staff acoutneds needs an extra security like after you guessedthe email and password you need to do another thing to verify youre the staffmember this could saty if ur ex staffmember for a while if there are still ways that you as ex staffmemeber can get acces to something a hacker coudl use nicely
thanks hg for making this much better and ty for my avatar aswell
Offline
Early 2019: Wow I hope EE comes soon
Mid 2019: Haha yes! My password hasn't been leaked this is awesome
Offline
Early 2019: Wow I hope EEU comes soon
Mid 2019: Haha yes! My password hasn't been leaked this is awesome
Even awesome might to come if the account isn't been leaked.
I got a peek at the used passwords by Xenonetix and bytearray and both were terrible passwords that could have been easily guessed.
While these passwords were likely not the same ones used on PlayerIO, they show you the general approach staff takes with security.
How did you get access to these passwords? were they leaked as well? also if the passwords have been changed, could you tell me what they were? no reason im just curious
When your energy refills...
Offline
also if the passwords have been changed, could you tell me what they were? no reason im just curious
Offline
XxAtillaX wrote:Player.IO does infact hash passwords, and it does convert to lowercase prior to hashing, which rules out any ridiculous compromise of Player.IO
It explains why logging in to ee is case insensitive, but even so the leaked passwords were all case sensitive
Did you read? Every password are converted to lowercase. If you make a password uppercase it will automatic be lowercase in all games.
Whcih mean PIO's security to password is ****. How the hack was made, so didn't they bruteforce the passwords. Because the password is both in uppercase and lowercase.
For me is there a backdoor or a swf that got added which collected passwords.
Offline
holy **** PIO passwords should ALWAYS be case sensitive 52 characters +(all numbers and symbols) vs 26 +(al numbers and symbols) its a diffrence
thanks hg for making this much better and ty for my avatar aswell
Offline
Player.IO has fairly smart security with logins. It is throttled on a very small number of failed attempts, and you won't know you've hit the throttle. It's silent. I've tried bruteforcing accounts before, it doesn't work. I'm sure many others have tried as well, and to no avail.
I don't think that it is bruteforcing.
Offline
icepegasus wrote:XxAtillaX wrote:Player.IO does infact hash passwords, and it does convert to lowercase prior to hashing, which rules out any ridiculous compromise of Player.IO
It explains why logging in to ee is case insensitive, but even so the leaked passwords were all case sensitive
Did you read? Every password are converted to lowercase. If you make a password uppercase it will automatic be lowercase in all games.
Whcih mean PIO's security to password is ****. How the hack was made, so didn't they bruteforce the passwords. Because the password is both in uppercase and lowercase.
For me is there a backdoor or a swf that got added which collected passwords.
Well I was talking to seb about it which he got leaked aswell, and his password was indeed case sensitive, but when he logs on ee he just uses all lowercase, yet the leak did get his uppercase letters too, so I don't think it's a bugged swf
Offline
poor xeno http://prntscr.com/ojbpb0 someone send this ppic in th ekoong chat i checked wiht my kong alt and oma gawd alos upon opening xenos porfile noting loaded showing on home page inst possible as you cant laod agem on home page
thanks hg for making this much better and ty for my avatar aswell
Offline
uh is it possible that some more accounts got affected after this post was made by you xeno? and is it possilbe that the guy could get into my kogn acc because somethign weir dhappaned ive done on my kong ee acc (which is ****) hilderens farm today or yesterday and havent entered any campaing afterwards now i wanted to play best of EE campaing (yes i finaly got in the world wihtout sever timing outs) upon joinign the first world i said do you want to overwirte MK mushrroom cup (tier 1 speedrun) i clicked yes but i neevr joined the world my usernam eon there is HRISUGRS
thanks hg for making this much better and ty for my avatar aswell
Offline
uh is it possible that some more accounts got affected after this post was made by you xeno?
It is. I don't believe it's possible they could have gotten any further passwords.
is it possilbe that the guy could get into my kogn acc because somethign weir dhappaned ive done on my kong ee acc (which is ****) hilderens farm today or yesterday and havent entered any campaing afterwards now i wanted to play best of EE campaing
It's relatively unlikely they "got into" your account. Almost everything going on has been happening backend, so unless you share your Kong account email and password with your EE email and password, I don't see a way for other people to access your Kong account that would be in any way connected to EE.
Offline
YYAY my account isnt on the list
man they hacked lame accounts
Offline
YYAY my account isnt on the list
man they hacked lame accounts
and my account
When your energy refills...
Offline
uh guys the game is closed but the hackers still have acdes so uhm yeah
thanks hg for making this much better and ty for my avatar aswell
Offline
EE looks different now with the text having a basic look. What happened?
Hits that yeet all day and all night
Offline
What will happen to those of us who play for Kongregate?
Offline
maby staff acoutneds needs an extra security like after you guessedthe email and password you need to do another thing to verify youre the staffmember this could saty if ur ex staffmember for a while if there are still ways that you as ex staffmemeber can get acces to something a hacker coudl use nicely
This is actually a good idea. 2fa would be fine, and could be in place for everyone.
But we've had issues with past staff accounts.
Discord: jawp#5123
Offline
We already have 2factor, one's your username the others your password
Offline
We already have 2factor, one's your username the others your password
thats not how this works
two passwords is still one factor
I have never thought of programming for reputation and honor. What I have in my heart must come out. That is the reason why I code.
Offline
"Kongregate is crap"
That did not age well.
Offline
We already have 2factor, one's your username the others your password
1) that's not how it works
2) you can actually login without knowing email, so if you are trying to hack someone, you just need to guess the password
Offline
Is the Kongregate version actually safe to use?
★ ☆ ★ ☆ ★
☆ ★ ★
Offline
[ Started around 1732354333.2516 - Generated in 0.093 seconds, 10 queries executed - Memory usage: 1.8 MiB (Peak: 2.05 MiB) ]