Regarding the data breach

Norwee · 2019-03-23 22:50:47

Does this have anything to do with it?

Processor · 2019-03-23 22:58:47

Let me drop some new information I have gathered.

An attacker has gained access to EE databases earlier this week (on Tuesday). They exported databases and deleted some database objects.
As LukeM confirms, the attacker made another export yesterday (other sources verify this claim: the export was made on 03/22/2019 around 17:30 UTC).

I have proof that staff noticed this within 24 hours.
They had the knowledge of a "backdoor" or exploit existing in the backend severs of EE and did not disclose this in time.
This provides legal basis to prove that the staff acted negligently and in their own interest.

Staff keeps issues to themselves:
I quit EE. I was notified of the mail and reports breach by Zoey2070 (a staff) today.

Something is wrong if I get notified before everyone else is.
Something is wrong if the top-most priority isn't to tell everyone to change their passwords.
Something is wrong if the owner would rather block me instead of discussing this issue.

Staff keeps game running despite breach:
The game has been compromised since Tuesday, the game is still compromised. LukeM has confirmed to me that the issues are still being fixed (read: aren't yet fixed).

Instead of shutting down the game until the data breach is solved, the management has chosen to keep the game running.
This prevents lost revenue at the expense of our security.

Staff has not notified users or the DPAs of this breach.
Some members of the community already know this, but those who have stopped playing / checking the forums do not. Their info is at risk, that's a problem.
Xenonetix has confirmed the knowledge of the upcoming leaks, yet has made no effort to the community know.

If you are reading this, please close all EE tabs and do not access EE until further notice.
The game is breached and we suspect that the breach is still ongoing.
The attackers have shown the ability to access the servers.
Flash is not a secure platform. Downloading content from untrusted servers can leak your password and potentially install viruses on your PC.

Everybodyedits.com is currently breached and no longer safe.
Please change your password on any other site where you're using the same password as on EE.

Zumza, XdGameur25, Snowester, St1ckS4m(EE), TaskManager, Minimania, 2b55b5g, Kikikan

Joeyc · 2019-03-23 22:58:59

Yeah, I recommend you all change your passwords and emails as soon as possible

Norwee · 2019-03-23 23:02:39

This is precisely why i have a completely separate password for my EE account aside from everything else i use. I knew the security was horrendous. If you don't have a separate password i highly suggest you to do the same.

coinage, Latif

Zumza · 2019-03-23 23:04:00

Almost everyones email and location has been leaked.
The are also phone numbers, snapchats contacts, instagram and facebook profiles within the first leak.

coinage

Snowester · 2019-03-23 23:06:10

Zumza wrote:

The are also phone numbers, snapchats contacts, instagram and facebook profiles within the first leak.

I can't tell if you're being sarcastic. But I hope you mean from mails which is dumb because nobody would use them.

Processor · 2019-03-23 23:21:40

Growler wrote:

Zumza wrote:
The are also phone numbers, snapchats contacts, instagram and facebook profiles within the first leak.
I can't tell if you're being sarcastic. But I hope you mean from mails which is dumb because nobody would use them.

I have sources confirming the said information being true. They also found photos of users (some underage), unlisted videos on youtube, addresses, passwords, among other things.

coinage

Snowester · 2019-03-23 23:28:03

Processor wrote:

Growler wrote:
Zumza wrote:
The are also phone numbers, snapchats contacts, instagram and facebook profiles within the first leak.
I can't tell if you're being sarcastic. But I hope you mean from mails which is dumb because nobody would use them.
I have sources confirming the said information being true. They also found photos of users (some underage), unlisted videos on youtube, addresses, passwords, among other things.

Oh cow dung, really? What are the examples? xd

ZeldaXD · 2019-03-23 23:37:17

If you're a facebook user, the leak contains your real name too (because of Facebook data)

Zumza, Snowester, Minimania, 2b55b5g, Slabdrill, Swarth100

Snowester · 2019-03-23 23:49:51

ZeldaXD wrote:

If you're a facebook user, the leak contains your real name too (because of Facebook data)

Oh noes, that what show up in the first leak?

ZeldaXD · 2019-03-24 00:20:32

The total amount of emails and/or ips leaked is 1.166.081*
Over 500.000 are estimated to be real emails.

*includes people with fake emails

Guest. · 2019-03-24 00:32:56

ZeldaXD wrote:

The total amount of emails and/or ips leaked is 1.166.081*
Over 500.000 are estimated to be real emails.
*includes people with fake emails

assuming most of those accounts are real people, this is huge, and the biggest data breach ee has had in its history

LukeM · 2019-03-24 00:34:00

Just going to try and correct some of the information Processor is spouting, because to the best of our knowledge most of it is false:

Processor wrote:

An attacker has gained access to EE databases earlier this week (on Tuesday). They exported databases and deleted some database objects.

Yes, an attacker gained access to the database earlier this week, but to the best of our knowledge, no exports were made at this point (if you think this is false then please send us your information rather than using it to directly attack us)

Processor wrote:

As LukeM confirms, the attacker made another export yesterday (other sources verify this claim: the export was made on 03/22/2019 around 17:30 UTC).
I have proof that staff noticed this within 24 hours.
They had the knowledge of a "backdoor" or exploit existing in the backend severs of EE and did not disclose this in time.
This provides legal basis to prove that the staff acted negligently and in their own interest.
Staff keeps issues to themselves:
I quit EE. I was notified of the mail and reports breach by Zoey2070 (a staff) today.
Something is wrong if I get notified before everyone else is.
Something is wrong if the top-most priority isn't to tell everyone to change their passwords.
Something is wrong if the owner would rather block me instead of discussing this issue.

We made users aware of this issue promptly, let those affected know what happened, and restored the data which was deleted. The reason you weren't notified about the earlier attacks was because you weren't affected by them, and the reason you haven't yet been notified about the later breaches was because we hadn't yet had time to gather the data.

The reason Xenonetix blocked you is that you are blindly attacking us rather than trying to actually solve the problem, which really doesn't help the situation.

Processor wrote:

Staff keeps game running despite breach:
The game has been compromised since Tuesday, the game is still compromised. LukeM has confirmed to me that the issues are still being fixed (read: aren't yet fixed).
Instead of shutting down the game until the data breach is solved, the management has chosen to keep the game running.
This prevents lost revenue at the expense of our security.
Staff has not notified users or the DPAs of this breach.
Some members of the community already know this, but those who have stopped playing / checking the forums do not. Their info is at risk, that's a problem.
Xenonetix has confirmed the knowledge of the upcoming leaks, yet has made no effort to the community know.

To our knowledge (and you have yet shown otherwise), yesterday was the first time any information was exported from our databases. During this event the in-game mail and reports were exported from the database and uploaded to a few free file hosting sites, but unless you shared personal information with other players using these services, no sensitive information was leaked at this point.

The reason the game hasn't been shut down since is because that wouldn't do anything to help, not that we want to keep earning money from EE or anything, in fact in the last few days we've made a grand total of £5.76, you maybe had the chance to be a sell-out back when you were working on the game, but thats really not an option anymore

We will do everything as is advised by the relevant laws and regulations, but we need time to do it, you can't expect us to gather all the information about an attack that isn't even over yet and contact all of the people affected before you have the chance to write a badly thought out attack on the staff team...

Processor wrote:

If you are reading this, please close all EE tabs and do not access EE until further notice.
The game is breached and we suspect that the breach is still ongoing.
The attackers have shown the ability to access the servers.
Flash is not a secure platform. Downloading content from untrusted servers can leak your password and potentially install viruses on your PC.
Everybodyedits.com is currently breached and no longer safe.
Please change your password on any other site where you're using the same password as on EE.

You worked on EE yourself... You should know that this isn't how things work...
The database is entirely seperate from PlayerIO's internal account system, nobody has access to things like passwords, not even us.

Please just leave the announcements to us, you're just stirring up drama and giving out misinformation at this point.

mutantdevle

Guest. · 2019-03-24 00:43:18

“The reason Xenonetix blocked you is that you are blindly attacking us rather than trying to actually solve the problem, which really doesn't help the situation.”

lol nope. he blocks people whenever he’s told he’s **** up in some manner which he refuses to believe he’s done time and time again

Processor · 2019-03-24 01:00:44

LukeM wrote:

(if you think this is false then please send us your information rather than using it to directly attack us)

Sorry, that's not how this works. Before you spout ****, you come talk to me before attacking me, not the other way around.
I've worked on PlayerIO long enough to know how things work better than you do. I also know information security better than you do.

Passwords can be stolen with access to PlayerIO. Consult me in PMs if you'd like to know how.

I stand by what I said, as it is true and I have references and technical knowledge to prove it.

Zumza

Processor · 2019-03-24 01:39:04

LukeM has declined to correct their statement.

So I will now post how a hacker can steal your password. This might get the hackers some ideas, but its better than having you guys misguided.

Step 1: Hacker gets access to PlayerIO (Done)
Step 2: Hacker updates flash game (hosted by PlayerIO) to send your stored password to their servers
Step 3: Hacker injects some viruses that run on your PC

Therefore, going to everybodyedits.com will risk your plaintext stored password getting uploaded to other sites. It also risks other code being run on your machine.

Flash is not the safest platform.

Our chatlog: https://simons.life/finish/cry

Swarth100

LukeM · 2019-03-24 01:42:09

We have significant evidence to believe that what Processor has suggested is not possible.

I was discussing this with him, and was in the process of trying to confirm this when he refused to allow me the time to do so and posted this anyway.

I'll update this post when I either confirm that they do not, or have evidence to suggest that they might be able to.

Edit: We've finished looking into this, and after looking into it deeper, the evidence he presented us isn't consistant with the theory he had suggested.

Processor · 2019-03-24 01:53:56

Here's the thing, even if you suspect with a 1% chance that its possible, it's better to be safe than sorry.
That's why I asked LukeM to immediately correct his statement to say that he is currently investigating the issue and recommends not visiting the site. He said no to this request.

---

LukeM wants to work the other way around. Unless he is 99% sure that the game is unsafe, he is going to deny that the game is unsafe.

This perfectly visualizes the thinking:

---

My knowledge and information tells me that its very likely to be possible.
LukeM could not provide me with any evidence to suggest that it's not possible.

Edit:

Also LukeM agrees that your IP addresses are being actively leaked:

[1:27 AM] Yonom: youre very sure they have access to people's IP address?
[...]
[1:27 AM] Yonom: and you arent doing anything about that?
[1:27 AM] LukeM: what is there to do?
[1:27 AM] Yonom: that reveals the user's current location, among other things
[1:27 AM] LukeM: they already have them
[1:28 AM] LukeM: and within a country maybe
[1:28 AM] Yonom: IP addresses are considered personalized information by GDPR
[...]
[1:28 AM] LukeM: iirc they are only considered personal if they are bundled with other information that can be used to identify someone
[1:28 AM] LukeM: I did look into this
[...]
[1:28 AM] Yonom: they are bundled with username, email

There are users who are logging in for the first time today, and their updated IP address is going to be leaked. Staff does not care.

XdGameur25, Kikikan, Zumza, Swarth100

this is epic :P :P · 2019-03-24 02:44:35

wow bros
this is epic !
at this point we can just watch the game burn haha yes
game very alive

octodecillion, drstereos

2b55b5g · 2019-03-24 03:00:11

Can someone check is my IP address getting leaked?

Onjit · 2019-03-24 03:01:21

hey i know who did the breach but for reasons i cannot state i cannot disclose the identity of the hacker

mrjawapa

Spongelito · 2019-03-24 03:01:38

LukeM, if I may explain to you why you should temporarily shutdown the game:

1. It lowers risk and prevents players from logging in, making it safer

2. While shutting down the game doesn't exactly solve the problem, it's more of a precaution to keep things from getting worse.

rat

mrjawapa · 2019-03-24 03:05:47

Why has this topic turned into a **** measuring contest?

"I know more than you"
"No, I know more than YOU"
"NO, I know more!"

can we not fearmonger?

rgl32, LukeM, John

Different55 · 2019-03-24 03:08:11

Funposting won't be allowed here, either.

Anatoly · 2019-03-24 07:20:34

What about merged accounts?
E.g. if you moved FB -> EE.COM before the raid.

Should the police be informed about illegal take-away of data?
It’s possible that the raid is more serious to take, if it’s from a terrorist group. Do not risk anymore, from what I’ve read EE staff did already enough mistakes... don’t forget, he managed to find all leaks the game had!

Is there any possible way to detect the raider/hacker/mister man/mister x/however he’s called?
For understanding how serious the problem is.

I didn’t log into EE after the start of the raid. Do they have any information about my IP Address? Where is the IP stored?
because someone mentioned that only IP addresses logged after the raid started??

to;dr; Raid Level: High enough

Official Everybody Edits Forums

#26 2019-03-23 22:50:47, last edited by Different55 (2019-03-23 23:30:14)

Re: Regarding the data breach

#27 2019-03-23 22:58:47

Re: Regarding the data breach

#28 2019-03-23 22:58:59

Re: Regarding the data breach

#29 2019-03-23 23:02:39, last edited by Norwee (2019-03-23 23:03:16)

Re: Regarding the data breach

#30 2019-03-23 23:04:00

Re: Regarding the data breach

#31 2019-03-23 23:06:10

Re: Regarding the data breach

#32 2019-03-23 23:21:40

Re: Regarding the data breach

#33 2019-03-23 23:28:03

Re: Regarding the data breach

#34 2019-03-23 23:37:17

Re: Regarding the data breach

#35 2019-03-23 23:49:51

Re: Regarding the data breach

#36 2019-03-24 00:20:32, last edited by ZeldaXD (2019-03-24 00:21:23)

Re: Regarding the data breach

#37 2019-03-24 00:32:56

Re: Regarding the data breach

#38 2019-03-24 00:34:00, last edited by LukeM (2019-03-24 00:35:30)

Re: Regarding the data breach

#39 2019-03-24 00:43:18

Re: Regarding the data breach

#40 2019-03-24 01:00:44

Re: Regarding the data breach

#41 2019-03-24 01:39:04

Re: Regarding the data breach

#42 2019-03-24 01:42:09, last edited by LukeM (2019-03-24 01:59:52)

Re: Regarding the data breach

#43 2019-03-24 01:53:56, last edited by Processor (2019-03-24 02:06:28)

Re: Regarding the data breach

#44 2019-03-24 02:44:35, last edited by this is epic :P :P (2019-03-24 02:47:40)

Re: Regarding the data breach

#45 2019-03-24 03:00:11

Re: Regarding the data breach

#46 2019-03-24 03:01:21

Re: Regarding the data breach

#47 2019-03-24 03:01:38, last edited by Spongelito (2019-03-24 03:01:55)

Re: Regarding the data breach

#48 2019-03-24 03:05:47, last edited by mrjawapa (2019-03-24 03:06:48)

Re: Regarding the data breach

#49 2019-03-24 03:08:11

Re: Regarding the data breach

#50 2019-03-24 07:20:34, last edited by Anatoly (2019-03-24 08:14:17)

Re: Regarding the data breach

Board footer