Everybodyedits.com is currently breached and no longer safe.
Please change your password on any other site where you're using the same password as on EE.
Sounds like going through every single site and changing the password is easy af, while it's not
Time before becoming a Member - Leaderboard
1. Whirl - 9 months
2. KirbyKareem - 8 months
3. pwnzor - 2.4 months
4. MWstudios - 2 months
5. ILikeTofuuJoe - 1.5 months
Piskel is the best GIF maker I've seen
HG's signature for me - Anatoly's signature for me
The Mashed Potatoes Song - The longest post on EE forums - Play my Minesweeper
Offline
I don't think this has been told so I'll stress you this.
Immediately check your email provider (gmail, outlook, yahoo, etc.) to see if there is something suspicious. If there is the account may have been hacked.
I am using Outlook, checking the emails and there's nothing suspicious for the moment.
Although recently there's been this bug where Outlook puts legit mail into trash mail.
Offline
^
1) Keep calm.
2) You should not have said this. (Delete the post as soon as possible.)
Because the hackers would have to firstly check other accounts before going to yours.
3) Immediately change the password on your email (top account) -> then your "first account" will be safe -> now change password on facebook using your save email.
4) Contact your email provider, explain the situation, ask if other logins have been detected.
If not: It was still good, but risky.
5) Change password on other connected accounts.
If yes: They'll help you.
5) Do what they tell you.
Mait wrote:^
1) Keep calm.
2) You should not have said this. (Delete the post as soon as possible.)
Because the hackers would have to firstly check other accounts before going to yours.
3) Immediately change the password on your email (top account) -> then your "first account" will be safe -> now change password on facebook using your save email.
4) Contact your email provider, explain the situation, ask if other logins have been detected.
If not: It was still good, but risky.
5) Change password on other connected accounts.
If yes: They'll help you.
5) Do what they tell you.
What if my email password is different from my EE account's password?
EDIT : And what should I write to EDPB? Can it even help me?
Offline
What if my email password is different from my EE account's password?
If your email has another password, then it's good. You can use your email to reset all other accounts that used your email as login.
I got some more news for you guys.
The exported list of accounts seems to only contain EE.com accounts created before Monday, January 21, 2019 10:55 PM January 5, 2019 21:30 PM (UTC; +- 12 hours depending on your timezone and the accuracy of your computer time).
This means that the attackers had access to the accounts list at least as of January 5th.
Note that this does not prove that the attackers no longer have access to the game, in fact, the IP addresses in the leak are up to date.
The other leak containing mails did contain very up to date information as well.
Here's a summary of what we know:
- A list of usernames, emails, ip addresses, facebook profiles was leaked yesterday.
- Mails and reports were leaked. These contained private photos, videos, snapchat and instagram profiles, real names, passwords, home addresses, ...
- The database is still compromised (as confirmed by LukeM). This gives hackers access to your IP address (therefore current location, ISP), emails, mail, reports and ingame chat (if reported by others).
- The hackers warned staff before releasing the leaks (as confirmed by Xenonetix). Staff did not warn us.
- The hackers have write-access to the database (as confirmed by Xenonetix). This opens up a couple of XSS attack vectors (see: hackers running code on your computer, for example: viruses, key loggers, etc.).
Staff do not think this is a problem. ¯\_(ツ)_/¯
This game is currently not safe to play.
The staff fail to understand the importance of this issue (as shown by Xenonetix', LukeM's and Zoey2070's actions).
They neglect to inform the users.
They neglect to take necessary action to prevent more harm to players.
They are too busy spreading misinformation on this thread and others.
I have never thought of programming for reputation and honor. What I have in my heart must come out. That is the reason why I code.
Offline
I got some more news for you guys.
The exported list of accounts seems to only contain EE.com accounts created before Monday, January 21, 2019 10:55 PM (UTC; +- 12 hours depending on your timezone and the accuracy of your computer time).
This means that the attackers had access to the accounts list at least as of January 21st.
Note that this does not prove that the attackers no longer have access to the game, in fact, the IP addresses in the leak are up to date.
The other leak containing mails did contain very up to date information as well.
Here's a summary of what we know:
- Usernames, emails, ip addresses, facebook profiles was leaked yesterday.
- Mails and reports were leaked. These contained private photos, videos, snapchat and instagram profiles, real names, passwords, home addresses, ...
- The database is still compromised (as confirmed by LukeM). This gives hackers access to your IP address (therefore current location, ISP), emails, mail, reports and ingame chat (if reported by others).
- The hackers warned staff before releasing the leaks (as confirmed by Xenonetix). They did not warn us.
- The hackers have write-access to the database (as confirmed by Xenonetix). This opens up a couple of XSS attack vectors (see: hackers running code on your computer, for example: viruses, key loggers, etc.).
Staff do not think this is a problem. ¯\_(ツ)_/¯
This game is currently not safe to play.
The staff fail to understand the importance of this issue (as shown by Xenonetix', LukeM's and Zoey2070's actions).
They neglect to inform the users.
They neglect to take necessary action to prevent more harm to players.
They are too busy spreading misinformation on this thread and others.
how about ee.com accounts that are not connected to facebook?
and how about ee.com accounts that were connected to facebook?
EDIT: Now, seeing how Processor is acting I think we should remember what really was the worst day in EE: 2017-03-08
LukeM, if I may explain to you why you should temporarily shutdown the game:
1. It lowers risk and prevents players from logging in, making it safer
2. While shutting down the game doesn't exactly solve the problem, it's more of a precaution to keep things from getting worse.
We would shut down the game if we had any reason to suspect that it would help, as we've already shown that we're prepared to do several times earlier this week. Processor seems to have only known about this since yesterday, and is basically only working on gossip, we've been working on this for over a week and have all the internal information to work on
Offline
By opening everybodyedits.com, your IP address is leaked to the hackers.
By signing up for the game, you give away your email to the hackers.
Any in-game mail you send will also be accessible by hackers.
Any report you send is visible to the hackers.
we've been working on this for over a week and have all the internal information to work on
Staff has known this for over a week.
They haven't disabled or fixed any of the affected services yet.
Offline
Correct me if I'm wrong but if the attacker has access to the database, there's no "fixing affected services." Only option (besides the nuclear option of shutting down the game) is kicking the dude out, no partial answers beyond what we've already seen: preventing any more database editing from happening.
"Sometimes failing a leap of faith is better than inching forward"
- ShinsukeIto
Offline
Where did you find out all the information, did the staff tell it on the discord server?
Offline
i created my acc back in 2015, when i was using fake emails, so im safe
Offline
Correct me if I'm wrong but if the attacker has access to the database, there's no "fixing affected services." Only option (besides the nuclear option of shutting down the game) is kicking the dude out, no partial answers beyond what we've already seen: preventing any more database editing from happening.
We're currently waiting on PlayerIO to make the final permission changes that we're not able to do ourselves, we have significant evidence to believe that this would prevent the exploits that are being used.
Currently there's nothing that we can really do, the attacker has direct DB access (and from what we can tell, only direct DB access), so shutting down the game doesn't really do anything, the only thing that we could do that would stop them for good would be to completely delete the game, which for obvious reasons isn't an option.
We are currently working on disabling all the collection of potentially sensitive information, such as in-game mail and IP addresses, and we aim to release this update within the next hour or so.
As for the account info leak, the export seems to have been made on the 5th January, so we still strongly believe that they don't currently have access to anything more serious than the game database, so once we make these changes we don't believe they will be able to do anything more than what they have already done (which means that as we've been saying throughout this whole incident, all passwords are safe, and would continue to be even if we did nothing to defend from the attacks).
Offline
I see. Thank you for the reply. Still, since this breach happened, shouldn't we still be a little alert, just in case that something suspicious could happen to our accounts? I mean, I know you said that and all, but we... no, I'd like to say, I don't really know a lot of this advanced security thing.
Thank you for the honest reply, and I really hope that the issue can be resolved permanently in the next hours.
Offline
Thanks because obviously my information is no longer safe with ee anymore when promised
Thanks because obviously my information is no longer safe with ee anymore when promised
We don't store any of that information, it must have either been guessed from your IP address, been included in your in-game mail, or found out through some other means.
Offline
Ok now the real question is - who uses white theme?
Offline
Who is that Cody guy?
Offline
Here is some new information I found.
1) The attackers are attacking to spite Xenonetix.
2) There are two attackers who identified themselves as Elonmusk69 and Bob (The 1337 Hacker).
3) When you put Elonmusk69 into ee.yonom.org, there is an error saying that it is attempting a write command instead of a read command.
4) The above means that they are using stored code injections that most likely get run when you view the profile for elonmusk69.
5) If you type an invalid profile name, everybodyedits responds with a "File Not Found" response, which means it could be vulnerable to LFI or Path Traversal attacks.
6) The message written to XENONETIX was written in memespeak (i.e. rawr and owo and the like), but it appears to be intentionally written that way. So, maybe the attackers are dank memesters/children/childish.
7) The link with the leaks is written in Russian, so maybe the hackers are Russian.
8) The files were created Apr. 18th. So, they had access at least Apr. 18th or before.
9) IP, usernames, emails, user locations (almost to a full address), and for some, their full name they use on Facebook.
Here is the message from the hackers, with the links to the leaks removed.
88888888888 88888888888 88 88
88 88 88 88
88 88 88 88
88aaaaa 88aaaaa 88 ,adPPYba, ,adPPYYba, 88 ,d8 ,adPPYba,
88""""" 88""""" 88 a8P_____88 "" `Y8 88 ,a8" I8[ ""
88 88 88 8PP""""""" ,adPPPPP88 8888[ `"Y8ba,
88 88 88 "8b, ,aa 88, ,88 88`"Yba, aa ]8I
88888888888 88888888888 88888888888 `"Ybbd8"' `"8bbdP"Y8 88 `Y8a `"YbbdP"' v2.0
WE R GLAD EVRYONE HAV ZO VAR BEEN ENJOYIN OUR LAST PRIVATE MESAGE AN MODERATOR REPORTS LEAK. WE HOPE EVRYONE ENJOY THEES LEAK 2!
XENONETIX ASK ME Y DO I IT? SIMPLE. FU, DAT IZ Y. :-D
A COLLECSHUN OV DUMPD PRIVATE UNENCRYPTD EMAIL ADDRESS AND REAL NAME AND IPADDRESS FRUM EVRYBODY EDITZ. :-) owo
--Removed Link
--Removed Link
C U IN DA WURLDZ!
/Bob(The 1337 Hacker ♥w♥) & ElonMusk69
Offline
Let me add into the list:
10) This is old and seen by every single one of us, this is not new.
11) You might want to join in the discord server where most of the info is and happens.
12) Some of your points make no sense and if you were serious writing them - that's sad.
Offline
3) When you put Elonmusk69 into ee.yonom.org, there is an error saying that it is attempting a write command instead of a read command.
4) The above means that they are using stored code injections that most likely get run when you view the profile for elonmusk69.
5) If you type, an invalid profile name, everybodyedits responds with a "File Not Found" response, which means it could be vulnerable to LFI or Path Traversal attacks.
????
ee.yonom.org is a 3rd party tool. If it returns an error, it doesn't mean that the main source is the issue.
Just to give you an example: ee-api.lrussel.net returns a valid account.
"File not found" error says that there is an entry missing in "usernames" table, but the playerobjects account is still there.
6) The message written to XENONETIX was written in memespeak (i.e. rawr and owo and the like), but it appears to be intentionally written that way. So, maybe the attackers are dank memesters/children/childish.
Really hard detective work by you.
Anyone can use memespeak, it doesn't mean they are kids who like dank memes.
9) IP, usernames, emails, user locations (almost to a full address), and for some, their full name they use on Facebook.
All they have is a list of emails, hashed passwords and ip addresses.
Using pio's database they can get player's username and facebook profile
Using ip address they can get the location of the internet provider of the user down to the city. They can't get closer than that without contacting directly to provider.
I know why hackers do this, EE has completely died as a game and lives as a weird chronically breathing zombie. There is no love or warm feeling left so hackers have nothing to stop themselves from destroying the game and ending its misery.
As ee history showed us, when community and staff abandons the game, hackers rise. We saw that in "Summer vacation" time when teleporthacker released their client. We saw that in Nou era when 667 client was popular. Each time the game was temporarily revived and hackers calmed down.
At this point, development of everybody edits has been stopped completely due to EEU. Situation with EE Owner is terrible, because they don't convey any respect by the majority of the adult community (quite the opposite, people make fun of Xenonetix for his actions).
Just a side note: I suggested abandoning Lobby overhaul in favor of development of EEU when I was admin. I made my points clear: There is no reason to delay the production of the new game for the major update of the old one. No one would care about lobby when EEU is delayed.
And what do we see now? I am 100% sure EEU would've come out already if it wasn't for lobby overhaul update. And who the hell cares about lobby at this point? This is what I was talking about when I called your management as an owner stupid, Xenonetix. I hope you can see it at least now.
Offline
As always, Xeno looks away instead of into the mirror.
Hi.
Offline
Oh. I guess that's what I get for trying to play detective.
Offline