Official Everybody Edits Forums

Do you think I could just leave this part blank and it'd be okay? We're just going to replace the whole thing with a header image anyway, right?

You are not logged in.

#1 2019-03-23 17:59:08, last edited by Processor (2019-03-24 21:45:41)

Processor
Member
Joined: 2015-02-15
Posts: 2,246

Regarding the data breach

Please visit everybodyedits.com at your own risk. Do not create new accounts in the game.
The game is hacked and we suspect that the hack is still ongoing.
The attackers have shown the ability to access the servers.
Flash is not a secure platform. Downloading content from untrusted servers can leak your password and potentially install viruses on your PC.


Everybodyedits.com is currently hacked and no longer safe.
Please change your password on any other site where you're using the same password as on EE.

EztPnPv.png
9VLcszx.png

So, this confirms a few things:
- Your private inbox letters and reports were leaked.
- Your E-Mails ARE ABOUT TO BE LEAKED
- Your IP addresses: probably breached
- The people running the game do not care to tell you about it

Citizens of EU, please contact your appropriate data protection authority about this breach, as the people running this game do not seem to take laws seriously!

You can find your DPA here: https://edpb.europa.eu/about-edpb/board/members_en

I also recommend not logging into EE without a VPN to protect your privacy.

Xenonetix blames PlayerIO for the breach. If that's the case: change passwords on other accounts if they use your EE password.


I shared these messages from a private conversation I had with Xenonetix. I believe the community deserves to know, as personal information is a sensitive subject and he does not take it seriously.
There was no explicit request from Xenonetix to keep the messages off record.


I have never thought of programming for reputation and honor. What I have in my heart must come out. That is the reason why I code.

Offline

#2 2019-03-23 18:01:31, last edited by Vitalijus (2019-03-23 18:02:03)

Vitalijus
Member
From: Lithuania
Joined: 2015-02-15
Posts: 1,384
Website

Re: Regarding the data breach

Processor wrote:

https://i.imgur.com/EztPnPv.png
https://i.imgur.com/9VLcszx.png

So, this confirms a few things:
- Your private inbox letters and reports were leaked.
- Your E-Mails ARE ABOUT TO BE LEAKED
- Your IP addresses: probably leaked
- The people running the game do not care to tell you about it

Citizens of EU, please contact your appropriate data protection authority about this breach, as the people running this game do not seem to take laws seriously!

I also recommend not logging into EE without a VPN to protect your privacy.

Xenonetix blames PlayerIO for the breach. If that's the case: change passwords on other accounts if they use your EE password.

cMBxuDj.gif

Me knowing that I won't be hit as hard since I saw this all coming months ago and got my secret information (supposedly) deleted, all you will get is my vpn, russian swears password and my email, you guys are all doomed! //forums.everybodyedits.com/img/smilies/cool:lol:


wn7I7Oa.png

Offline

#3 2019-03-23 18:02:25

Snowester
Member
From: Mars
Joined: 2017-05-31
Posts: 640

Re: Regarding the data breach

Petition for a better EE owner

Offline

#4 2019-03-23 18:06:01

Guest.
Guest

Re: Regarding the data breach

how to be an ee owner in 2019:
- demod people for not agreeing with you
- attack your own customers
- fail to notify your customers the entire history of private reports and inbox messages in the game have been leaked

//forums.everybodyedits.com/img/smilies/cool

#5 2019-03-23 18:23:31, last edited by LukeM (2019-03-23 18:26:53)

LukeM
Member
From: England
Joined: 2016-06-03
Posts: 3,009
Website

Re: Regarding the data breach

Quick response (because we're really busy right now):
Yes (as everyone has probably already seen) some in-game mail was included in a pastebin yesterday
A small number of player's emails may be leaked in the near future, but the vast majority of accounts are safe
A larger number of IP addresses may also be leaked in the near future, but these are generally not personally identifiable, and change every couple of days anyway
All passwords are safe

We do care about these issues, and we will alert users in accordance with GDPR, its just that we're very busy right now and we're still waiting to gather all the information we need before sending formal notifications.

And yes, PlayerIO is largely to blame for this breach, we're currently in the process of getting them to clear up the security holes that we can't ourselves, we're doing what we can as fast as we can (and trying to stir up drama really doesn't help, Processor //forums.everybodyedits.com/img/smilies/tongue)

Offline

#6 2019-03-23 18:38:57, last edited by Processor (2019-03-23 18:58:22)

Processor
Member
Joined: 2015-02-15
Posts: 2,246

Re: Regarding the data breach

I have information telling me that the breach happened as of at least tuesday.

Under GDPR you must report breaches immediately and within 72 hours of them happening.

You have already failed to do this.

Xenonetix clearly does not understand that it's his responsibility to let the users know (see: https://i.imgur.com/lMUeIwl.png)

That's why this topic exists.

I recommend all Europeans to file a complaint at their country's DPA (https://edpb.europa.eu/about-edpb/board/members_en).
The process will take a few minutes, but the more complaints they get for EE, the higher the priority it will get.

Remember that EE is still a company based in EU (UK).

Edit:

Also, @LukeM: - you for calling this "stir[ring] up drama". I have rights and you aren't respecting them.
PlayerIO being at fault does not shift the responsibility from you to them. It's your game and you're responsible for choosing the right service providers.


I have never thought of programming for reputation and honor. What I have in my heart must come out. That is the reason why I code.

Offline

#7 2019-03-23 19:14:38

Kikikan
Member
From: Hungary
Joined: 2015-08-10
Posts: 204

Re: Regarding the data breach

LukeM wrote:

stir up drama

Man: *Murders someone*
Eyewitness: OMG THAT GUY MURDERED SOMEONE
Man: Look, I'm getting rid of the corpse, stirring up drama doesn't really help //forums.everybodyedits.com/img/smilies/tongue

Offline

Wooted by: (3)

#8 2019-03-23 19:21:36, last edited by LukeM (2019-03-23 19:28:54)

LukeM
Member
From: England
Joined: 2016-06-03
Posts: 3,009
Website

Re: Regarding the data breach

Processor wrote:

I have information telling me that the breach happened as of at least tuesday.

Under GDPR you must report breaches immediately and within 72 hours of them happening.

You have already failed to do this.

Xenonetix clearly does not understand that it's his responsibility to let the users know (see: https://i.imgur.com/lMUeIwl.png)

[...]

Also, @LukeM: - you for calling this "stir[ring] up drama". I have rights and you aren't respecting them.
PlayerIO being at fault does not shift the responsibility from you to them. It's your game and you're responsible for choosing the right service providers.

What information is that?

The files clearly have dates and times on them, and contain data from yesterday, so obviously couldn't have been created before that

I'm not saying that you shouldn't complain if we do something wrong, just don't complain in anticipation of us doing something wrong //forums.everybodyedits.com/img/smilies/tongue

Offline

#9 2019-03-23 19:33:48, last edited by Processor (2019-03-23 19:42:06)

Processor
Member
Joined: 2015-02-15
Posts: 2,246

Re: Regarding the data breach

LukeM wrote:

I'm not saying that you shouldn't complain if we do something wrong, just don't complain in anticipation of us doing something wrong

I am complaining about Xenonetix' lack of understanding for the severity of this issue. He told me EE isn't responsible for informing the community, so I made this topic.


I have never thought of programming for reputation and honor. What I have in my heart must come out. That is the reason why I code.

Offline

#10 2019-03-23 19:39:36

Norwee
Formerly NorwegianboyEE
From: Norway
Joined: 2015-03-16
Posts: 3,773

Re: Regarding the data breach

Xenonetix's desire to ban processor intensifies.


★              ☆        ★        ☆         ★
   ☆    ★                     ★

Offline

Wooted by:

#11 2019-03-23 19:47:41

TaskManager
Formerly maxi123
From: i really should update this
Joined: 2015-03-01
Posts: 9,465

Re: Regarding the data breach

processor is the new atilla now!


i8SwC8p.png
signature by HG, profile picture by bluecloud, thank!!
previous signature by drstereos

Offline

Wooted by: (3)

#12 2019-03-23 19:51:04

peace
Member
From: admin land
Joined: 2015-08-10
Posts: 9,226

Re: Regarding the data breach

maby let teh staff first fix the leak to prevent that it grows more an dmore? and users are well aware fo the attacks from ee so with a bit logicall thinking you know teh staff will do anything about fixzing it


peace.png

thanks hg for making this much better and ty for my avatar aswell

Offline

#13 2019-03-23 19:57:19

LukeM
Member
From: England
Joined: 2016-06-03
Posts: 3,009
Website

Re: Regarding the data breach

Processor wrote:
LukeM wrote:

I'm not saying that you shouldn't complain if we do something wrong, just don't complain in anticipation of us doing something wrong

I am complaining about Xenonetix' lack of understanding for the severity of this issue. He told me EE isn't responsible for informing the community, so I made this topic.

Currently we're in a bit of a gray zone where you definitely could argue that we don't need to inform the community.

The regulations state that you need to notify people if the data that was leaked puts the owner of the data at risk, which isn't really the case for in-game mail which is unlikely to contain anything sensitive.

Of course we will notify people in due course through a method we deem suitable for the severity of the data leaked (for example probably just an in-game news post and forum topic if it turns out nothing else was leaked, but maybe an email if it's something more severe), but for now we're still collecting information, and even if the GDPR did apply we'd still be well within the timeframe we'd be given to notify people.

Offline

#14 2019-03-23 19:57:56

Minimania
Moderation Team
From: PbzvatFbba 13
Joined: 2015-02-22
Posts: 6,395

Re: Regarding the data breach

Yeah, okay. Glad to know that if any of my private information or conversations were leaked that it all could've been prevented if I had known sooner.


21cZxBv.png
Click the image to see my graphics suggestions, or here to play EE: Project M!

Offline

Wooted by:

#15 2019-03-23 20:07:03

Kikikan
Member
From: Hungary
Joined: 2015-08-10
Posts: 204

Re: Regarding the data breach

LukeM wrote:

which is unlikely to contain anything sensitive.

unlikely
Meaning that there is a chance that it puts the owner of the data at risk.
This is not Russian roulette, nor a probability exercise in a Math student's book. If there's a chance, you have to notify the community.

Offline

#16 2019-03-23 20:16:23, last edited by LukeM (2019-03-23 20:20:48)

LukeM
Member
From: England
Joined: 2016-06-03
Posts: 3,009
Website

Re: Regarding the data breach

Kikikan wrote:
LukeM wrote:

which is unlikely to contain anything sensitive.

unlikely
Meaning that there is a chance that it puts the owner of the data at risk.
This is not Russian roulette, nor a probability exercise in a Math student's book. If there's a chance, you have to notify the community.

Note: I'm only talking about the laws and regulations currently, of course we will do more than the bare minimum that the law requires us to do.

The GDPR specifically states that you only need to notify users if the data is likely to put the owner at risk (their words not ours), and that even if it does we have until Monday to do so, so please don't accuse us of breaking the law unless you have done research into the relevant laws and what actually happened XD

Offline

#17 2019-03-23 20:56:46

Zumza
Member
From: root
Joined: 2015-02-17
Posts: 4,656

Re: Regarding the data breach

I extrapolated 108 unique emails from the in-game mail file.
A lot of them contain the real names of the owner (some complete, some only the first name).

P.S. I didn't knew Xenonetix has a middle name before.


Everybody edits, but some edit more than others

Offline

Wooted by:

#18 2019-03-23 21:15:58

Processor
Member
Joined: 2015-02-15
Posts: 2,246

Re: Regarding the data breach

I had someone run an analysis.

Today's leak contained
- 841 mentions of "@"
- 29 mentions of "pass:"
- 13 mentions of "password:"

LukeM wrote:

XD


I have never thought of programming for reputation and honor. What I have in my heart must come out. That is the reason why I code.

Offline

Wooted by:

#19 2019-03-23 21:17:39

Snowester
Member
From: Mars
Joined: 2017-05-31
Posts: 640

Re: Regarding the data breach

Processor wrote:

I had someone run an analysis.

Today's leak contained
- 841 mentions of "@"
- 29 mentions of "pass:"
- 13 mentions of "password:"

LukeM wrote:

XD

I notice some gemcodes and emails lol.

Offline

#20 2019-03-23 21:20:57

Tomahawk
Forum Mod
From: UK
Joined: 2015-02-18
Posts: 2,847

Re: Regarding the data breach

I don't think Xeno is denying that he should inform users about leaked data, but rather that he is responsible for the breach.

Let's not be so quick to call people evil. It is in fact also in Xeno's best interests to resolve problems quickly and to everyone's satisfaction.


One bot to rule them all, one bot to find them. One bot to bring them all... and with this cliché blind them.

Offline

Wooted by: (2)

#21 2019-03-23 21:36:38

LukeM
Member
From: England
Joined: 2016-06-03
Posts: 3,009
Website

Re: Regarding the data breach

Pretty much what Tomahawk said, we're definitely going to put out a formal statement once this is all over and once we have all the information we need, we're mostly just defending ourselves from the outright false claims you're making that we're breaking the law (as we understandably would).

Please just trust that we're doing all we can to undo the damage done by the previous attacks, and to prevent further ones, and trust that we will (or at least hold off the accusations until we don't) release a formal statement summarising what's happened to those affected.

Offline

#22 2019-03-23 21:47:55

peace
Member
From: admin land
Joined: 2015-08-10
Posts: 9,226

Re: Regarding the data breach

i agree on what lukem says let teh staff first fix the leak to prevent itfrom growing i mean what if there is a water leak in a factory youre upstairs goign to your office downstairs are all your workers you hear something ad see the floor is a bit wet you check and see a leak what do you do first?
1. i go downstairs ot inform all my workers that tehre is a leak then go upsatris to fix th eleak knowing it may have grown futher nd cased more damage
or
2. i try to fi the leak myself first with some help i can gather as fast as spossible an dmake sure all is safe then i go downsstatir sinforming the people what happaned

i woudl go for #2


peace.png

thanks hg for making this much better and ty for my avatar aswell

Offline

Wooted by:

#23 2019-03-23 22:09:27

Joeyc
Guest

Re: Regarding the data breach

Thank the god this thread exists, practically a life saver. I see no reason why Xenonetix should be withholding this information from the community exactly...? Especially since we should have the right to know this sorta stuff

#24 2019-03-23 22:19:04

Processor
Member
Joined: 2015-02-15
Posts: 2,246

Re: Regarding the data breach

@peace: User passwords have been leaked. IP addresses have been leaked (of active users, these are not old IPs). I would inform the users so they can change their passwords and take the necessary steps to secure their account and all other sites that use the same password.

Tomahawk wrote:

rather that he is responsible for the breach.

Its his game so yes, he is responsible for the breach. Take a moment to realize that responsibility != fault. While it may be PlayerIO who's at fault, EE's staff is responsible for the breach and must take the necessary steps to minimize damage to the users first, as they have topmost priority. Therefore, users must be informed first.

Instead, the current staff is covering their own ****.


I have never thought of programming for reputation and honor. What I have in my heart must come out. That is the reason why I code.

Offline

#25 2019-03-23 22:32:28

Snowester
Member
From: Mars
Joined: 2017-05-31
Posts: 640

Re: Regarding the data breach

Everyone, the emails and ip address are leaked in the current world spam. I don't know much but quickly CHANGE YOUR PASSWORD.

Offline

Wooted by: (2)
Processor1553794257743837

Board footer

Powered by FluxBB

[ Started around 1732454324.0003 - Generated in 0.222 seconds, 12 queries executed - Memory usage: 1.82 MiB (Peak: 2.1 MiB) ]