Hi Everybody,
On Saturday, March 23rd, 2019, multiple files were unfortunately released containing information on almost every Everybody Edits account from July 9th, 2010 to January 5th, 2019. We wish to address this leak, explain who is and is not affected, and what has been done to avoid such incidents in future.
There are 4 types of Everybody Edits accounts:
Main Site Accounts (SimpleIDs)
Facebook Accounts
Kongregate Accounts
ArmorGames Accounts
Thankfully, all Kongregate and ArmorGames accounts are safe. The only information we ever stored from these accounts were IDs to link Everybody Edits to their respective sites. As far as we are aware, Kongregate has not received any similar breaches, meaning no information has been released regarding any of these accounts. However, ArmorGames recently released their own statement.
Sadly, some Facebook accounts have been affected. Facebook IDs are stored, and the names (and only the names, not emails) are taken from the Facebook Profiles associated. As such, the information released included the real names of most of our Facebook users, and, in some cases, the ability to view Facebook profiles associated with the accounts.
This leaves us with the Simple Accounts. Here is the personal information we do not store:
Names
Dates of Birth
National Insurance/Social Security Numbers
Phone Numbers
Any information connected to looks, appearance and behaviour
Salary
Tax Information
Student Numbers
Ethnicity
Religion
Political Alignment Information
Medical History
Genetic Data
Any financial information, such as card details.
We did store:
Email Addresses
Passwords
IP Addresses
Date of Registration
Passwords are fully hashed/encrypted, and have not been leaked or dehashed/decrypted in these documents. However, this whole endeavour is a good lesson in how important it is to make sure: Your password should be different on every site you have an account on. There are some individuals who have searched for leaks from other sites where the email addresses in these documents are listed, and have found passwords through those, trying them on Everybody Edits accounts only to find it successfully logs them in. As such, we highly recommend updating your password on Everybody Edits, and every few weeks after.
Most of the IP Addresses that were leaked are now outdated, as they were the last known login IP addresses as of 5th January, 2019. Nevertheless, we sincerely apologise that the IP Addresses were stored at all, and we have now disabled collection of IP addresses. We are now only able to access your IP address while you are logged on (which we rarely need to do anyway).
The IP Addresses (that were available) were released for both the Email Addresses and the Facebook Accounts. As such, regrettably, the Facebook Accounts are the most at risk here, if your IP Address hasn't updated since you last logged on prior to 5th January, 2019. As far as we are aware, there is no danger of anyone accessing your Facebook account, but if someone out there really wanted to track down your location for whatever reason, they may be able to find out a good approximation of where you live via your real name and IP Address, even though it's rare that IP Addresses can pinpoint an exact location within a zone. We realize this is scary, and we're sorry it ever got to this stage, but, if possible, if this does apply to you, we would advise using Virtual Private Networks to hide your IP address in future.
The following is what we see when we view the stored account information. There is no way for us (or anyone) to access the IP Address or the Password.
Let's move on to how this breach occurred. On 5th January, 2019, we believe a staff member at the time exported the entirety of this storage area from this link:
We do not know the reason the staff member in question chose to export this information, and we don't believe this staff member was involved in any of the recent hacking. However, the export sends an email to the person logged in to Player.IO with the exported information via a link to download the file(s). It has been confirmed that anyone that knows how these files are formatted is able to run a program going through every 'DateTime' within a certain period, and access the file themselves, which is how we believe the hackers got hold of these files. We have been in contact with Player.IO, which has now updated their systems, so these exports can no longer be found as easily, by adding extra completely random strings into the links. As such, we believe it is no longer possible to access this information in this manner. I am also the sole individual able to export these files now, and I have no intention, or need, to do so.
Separate to this, the hackers appeared to have access to what is known as the "BigDB", where the "OnlineStatus" information is stored. Below is the information we have, and the information was exported in a similar fashion as above. As such, the hackers may have been able to access this export in a similar manner if they didn't have access themselves.
Previously, this information was kept with the IP Address for years, but this is no longer the case, so it is now only possible for us to see your IP Address while you're logged in. I believe this includes if you have "Remember Me" ticked, so you do not have to input your information on every login.
We have taken every precaution to make sure such an incident can never happen again. Player.IO has successfully co-operated and transferred the game again to a new Player.IO account I created, and all current members of staff have brand new Player.IO accounts as well, just in case one of us was somehow compromised. Our contact at Player.IO has confirmed that anyone that may previously have had access through a development server is now locked out, so whatever access the hackers once had is no longer possible.
Another possibility for how the hackers gained access was through 'connections', which are the systems we use to authorize people. For example, there was once a "Facebook" connection, which has now been deleted entirely, and we have updated all of the access keys to all the connections, so only the current developers are able to use them to change information.
We appreciate your patience and support through this whole ordeal. Please contact [email protected] if you wish to have the email associated with your account changed to a new one, and I will work over the next few days to get as many of those updated as possible.
I am personally sorry any of this occurred, and we have done all we can to make sure this can never ever happen again.
Sincerely,
Chris Lamb
Owner of Everybody Edits
~ Xenonetix ~
Offline
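The announcement above says the export links could be found by stepping through every 'DateTime' in a period, and that Player.IO fixed this by adding random strings to the links. The following is an added example, not part of the original post and not Player.IO's code: it compares the number of candidate names under each scheme and issues a signed, expiring link. The one-second timestamp resolution, the URL layout, and all function names are assumptions; the 21:33 to 22:50 UTC window is the one given later in this thread.

```python
import hashlib
import hmac
import secrets
import time
from datetime import datetime, timezone

# Window given later in this thread for the 5 January 2019 export (UTC).
WINDOW_START = datetime(2019, 1, 5, 21, 33, tzinfo=timezone.utc)
WINDOW_END = datetime(2019, 1, 5, 22, 50, tzinfo=timezone.utc)

# Demo-only signing key; a real service would load it from a secret store.
SIGNING_KEY = secrets.token_bytes(32)


def timestamp_guess_space(start, end, resolution_seconds=1):
    """Candidate names when a link differs only by a timestamp in [start, end].

    The one-second resolution is an assumption, not Player.IO's real format.
    """
    return int((end - start).total_seconds()) // resolution_seconds + 1


def random_guess_space(token_bytes=16):
    """Candidate names when the link carries token_bytes of CSPRNG output."""
    return 2 ** (8 * token_bytes)


def _sign(export_id, token, expires):
    # Bind the signature to the export, its random token and its expiry time.
    msg = f"{export_id}|{token}|{expires}".encode()
    return hmac.new(SIGNING_KEY, msg, hashlib.sha256).hexdigest()


def issue_export_link(export_id, ttl_seconds=3600, now=None):
    """Return the fields of an unguessable, expiring, signed download link."""
    now = int(time.time()) if now is None else now
    token = secrets.token_urlsafe(16)  # 128 bits of randomness
    expires = now + ttl_seconds
    sig = _sign(export_id, token, expires)
    url = f"/exports/{export_id}/{token}?expires={expires}&sig={sig}"
    return {"export_id": export_id, "token": token,
            "expires": expires, "sig": sig, "url": url}


def verify_export_link(export_id, token, expires, sig, now=None):
    """Accept only an unexpired link whose signature matches (constant-time)."""
    now = int(time.time()) if now is None else now
    expected = _sign(export_id, token, expires)
    return hmac.compare_digest(expected, sig) and now <= expires


if __name__ == "__main__":
    print("timestamp-only candidates:",
          timestamp_guess_space(WINDOW_START, WINDOW_END))
    print("random-token candidates:  ", random_guess_space())
    link = issue_export_link("export-demo")  # constructed sample id
    print(link["url"])
    print("valid:", verify_export_link(link["export_id"], link["token"],
                                       link["expires"], link["sig"]))
```

A timestamp-only name leaves a few thousand candidates for that window, while a 128-bit token leaves 2^128; the expiry and signature additionally limit how long a forwarded or logged link stays usable.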
On 5th January, 2019, we believe a staff member at the time exported the entirety of this storage area from this link:
Could it be one of the staff who resigned or got fired?
Time before becoming a Member - Leaderboard
1. Whirl - 9 months
2. KirbyKareem - 8 months
3. pwnzor - 2.4 months
4. MWstudios - 2 months
5. ILikeTofuuJoe - 1.5 months
Piskel is the best GIF maker I've seen
HG's signature for me - Anatoly's signature for me
The Mashed Potatoes Song - The longest post on EE forums - Play my Minesweeper
Offline
Xenonetix wrote:On 5th January, 2019, we believe a staff member at the time exported the entirety of this storage area from this link:
Could it be one of the staff who resigned or got fired?
I doubt
It was Luke, I think.
Offline
information on almost every Everybody Edits account from July 9th, 2010 to January 5th, 2019.
Wasn't the export made on 21st January 2019 as you stated previously?
Not judging here, but it seems like switching the date to the exact date of my quitting might suggest to some people that I was the one who exported and shared it as a "revenge" (which isn't the case obviously)
Offline
you literally claimed passwords arent leaked and now youre saying the opposite
i also find it funny how you made a large list of data that you do not store and tossed random completely irrelevant **** into it
did you do that to make the users feel less worried about their emails/passwords leak?
e.g. "well, my password & email got stolen but my genetic data and religion are safe! woohoo!"
youre not serious, are you
Offline
MWstudios wrote:Xenonetix wrote:On 5th January, 2019, we believe a staff member at the time exported the entirety of this storage area from this link:
Could it be one of the staff who resigned or got fired?
I doubt
It was Luke, I think.
That actually isn't important. As Xenonetix mentioned earlier the "hackers" have been breaking into the game, not just asking Luke for that.
Who cares. So long as you aren't stupid and use the same account info for other things, the only thing at risk is your account on a dead game that doesn't really matter. On the other hand, if you are stupid enough to use the same email and password for other things, you deserve what's coming.
Not to mention, I think my account was once upon a time on one of those password sharing sites anyway, before I changed my email, and nothing really happened to it.
Despite what people say, Different55 is the best mod.
Offline
e.g. "well, my password & email got stolen but my genetic data and religion are safe! woohoo!"
I think it's just to end different false talks what has been leaked and what has been not.
Offline
Xenonetix wrote:information on almost every Everybody Edits account from July 9th, 2010 to January 5th, 2019.
Wasn't the export made on 21st January 2019 as you stated previously?
Not judging here, but it seems like switching the date to the exact date of my quitting might suggest to some people that I was the one who exported and shared it as a "revenge" (which isn't the case obviously)
We were previously going off information provided by Processor, and for some reason trusting his date, which we clearly shouldn't have done. Luke did further analysis to find out the date was actually the 5th January. Feel free to check the documents yourself.
Whether we were to speculate that you were the person to export on that date or not, you have declined doing so. Whether you were the one to export or not, I do not believe you shared it, but the link PIO exported was not secure, and others have found ways to access the exact file exported on that date. We do not know the email address to which the file was exported, but we know that it was exported between 21:33 UTC and 22:50 UTC on the 5th January, because the last account in the documents was included at 21:33, and the next account in the database was created at 22:50, and not included. People can be free to speculate all they like with that information, but those are the facts. Player.IO has now added further security for their exports for all their clients.
Offline
We were previously going off information provided by Processor, and for some reason trusting his date, which we clearly shouldn't have done.
so if Processor doesn't get all the information from EE staff (but EE staff from him), where does he get it?
Time before becoming a Member - Leaderboard
1. Whirl - 9 months
2. KirbyKareem - 8 months
3. pwnzor - 2.4 months
4. MWstudios - 2 months
5. ILikeTofuuJoe - 1.5 months
Piskel is the best GIF maker I've seen
HG's signature for me - Anatoly's signature for me
The Mashed Potatoes Song - The longest post on EE forums - Play my Minesweeper
Offline
Who cares.
Thank you. Now, when you bully me, I'm no longer feeling useless, because this - in fact - is an over trashed comment. LITERALLY EVERYONE CARES! The entire drama was because passwords were leaked. Congratulations, because you blocked people with IQ under 50, you missed every message of the forum. Passwords were leaked, and many users have everywhere the same password, and if you don't care, why do you respond at all?
IPs were leaked, Names were leaked, Emails were leaked.
If you don't care, I'll only ask who are you, if your personal information isn't important?
EDIT: Yay 3 dramas this year already. #FireXenonetix #HireXenonetixToPresident
272 wrote:Who cares.
Thank you. Now, when you bully me, I'm no longer feeling useless, because this - in fact - is an over trashed comment. LITERALLY EVERYONE CARES! The entire drama was because passwords were leaked. Congratulations, because you blocked people with IQ under 50, you missed every message of the forum. Passwords were leaked, and many users have everywhere the same password, and if you don't care, why do you respond at all?
IPs were leaked, Names were leaked, Emails were leaked.
If you don't care, I'll only ask who are you, if your personal information isn't important?
For one, I unfortunately can't block anybody on the forum. For another, the only "personal information" that got "leaked", was my EE password, and my email address. If you wanted my email, you can just ask me, as I give that out to people to contact me all the time. Finally, I don't care what happens to my account on this game. Feel free to use it or whatever if you end up finding my ridiculously easy password that even a bot could figure out.
Names were only leaked if you were logging in from Facebook. If you could actually get anything important and/or relevant from my name, kudos to you, you're better at finding things than I am. Neither of which I care about. IPs even really don't matter because that doesn't even give you exact locations, just a generalized area.
Anyway, you are over reacting WAY too much.
EDIT: Holy **** 271 posts... oh boy oh boy oh boy.
Despite what people say, Different55 is the best mod.
Offline
The passwords have NOT been leaked to my knowledge. (except for very few)
The only passwords that have been leaked, that I know of, are the passwords of accounts shared within the in-game mail feature.
It is important however to have different password between websites.
Everybody edits, but some edit more than others
Offline
Finally! Thank you for the honest and thorough report @Xenonetix.
It's true that the export was likely made on January 5th and not on Jan 21st, that is a mistake on my part. I went ahead and corrected my original post.
However, please, let's not point fingers. This doesn't prove that Gosha is at guilt. It only makes him look suspicious.
I have never thought of programming for reputation and honor. What I have in my heart must come out. That is the reason why I code.
Offline
Processor for staff when?
Despite what people say, Different55 is the best mod.
Offline
Processor for staff when?
We just have to wait couple years ago
Offline
272 wrote:Processor for staff when?
We just have to wait couple years ago
Oh, lmao. I might have been quit back then.
Despite what people say, Different55 is the best mod.
Offline
i know the january 5 thing was pretty much only changed for the classic xenonetix “guilty until proven innocent” but perhaps it would have been a good idea not to burn bridges between the staff?
I have to say.
The communication between Staff and Community is completely and absolutely garbage. Very disappointed considering all of the current staff was once part of the community, as casual players.
We understand you are trying to remain professional, Xenonetix. But that's not what we are asking for. We want honesty and straightforwardness. I wish I could react the same as Processor, being grateful and move on, but it would feel wrong doing it, as you waited 5 days to tell the whole entire community about the current situation.
The community is too small and united to be acting professional and distant. This whole ordeal started 1 month ago, and has only been resolved today.
Damage has been done because of your security, me including many others don't feel at ease knowing their IP address and emails got leaked due to your poor management.
Tens if not hundreds of people donated to patreon because they blindly hoped for the best, and once again you deceived all of them, and us.
I would like to point out that this is entirely your fault, I have all the rights to be angry about it since a certain someone decided to take a whopping 5 days to warn everyone about it. You're seriously **** ridiculous and you should be ashamed of making 3 identical topics apologizing and doing practically nothing about it.
So that brings us to today. All the accounts have been restored to their former glory!
As for today's "attack", we've got to hold our hands up and say that one was our mistake. Whoops.
All this being said, I would like to reassure you all that your Everybody Edits login credentials were never compromised or accessed by the hacker.
On a positive note, we have now succeeded in blocking out all the hackers from being able to edit anything or accessing any information
How are you going to lie then remain silent about it?
Get your **** together!
I have to say.
The communication between Staff and Community is completely and absolutely garbage. Very disappointed considering all of the current staff was once part of the community, as casual players.
We understand you are trying to remain professional, Xenonetix. But that's not what we are asking for. We want honesty and straightforwardness. I wish I could react the same as Processor, being grateful and move on, but it would feel wrong doing it, as you waited 5 days to tell the whole entire community about the current situation.
The community is too small and united to be acting professional and distant. This whole ordeal started 1 month ago, and has only been resolved today.
Damage has been done because of your security, me including many others don't feel at ease knowing their IP address and emails got leaked due to your poor management.
Tens if not hundreds of people donated to patreon because they blindly hoped for the best, and once again you deceived all of them, and us.
I would like to point out that this is entirely your fault, I have all the rights to be angry about it since a certain someone decided to take a whopping 5 days to warn everyone about it. You're seriously **** ridiculous and you should be ashamed of making 3 identical topics apologizing and doing practically nothing about it.
Xenonetix wrote:So that brings us to today. All the accounts have been restored to their former glory!
As for today's "attack", we've got to hold our hands up and say that one was our mistake. Whoops.
All this being said, I would like to reassure you all that your Everybody Edits login credentials were never compromised or accessed by the hacker.
On a positive note, we have now succeeded in blocking out all the hackers from being able to edit anything or accessing any information
How are you going to lie then remain silent about it?
Get your **** together!
If you're not happy, leave the game?
If you're not happy, leave the game?
You're completely irrelevant. get out.
Kira wrote:Sqwairle wrote:If you're not happy, leave the game?
You're completely irrelevant. get out.
Why not contacting Xeno instead, he will answer you that the game is doing well. Everything is under control, you're just mad because for no reasons
He's mad because all of your details get leaked like that and it only took him this long to actually do something about, I'm scared for eeu if this happens again and nobody decides to give a **** for many days. This is biggest data breach and the staff just brush it off like it's nothing
Sqwairle wrote:Kira wrote:Sqwairle wrote:If you're not happy, leave the game?
You're completely irrelevant. get out.
Why not contacting Xeno instead, he will answer you that the game is doing well. Everything is under control, you're just mad because for no reasons
He's mad because all of your details get leaked like that and it only took him this long to actually do something about, I'm scared for eeu if this happens again and nobody decides to give a **** for many days. This is biggest data breach and the staff just brush it off like it's nothing
They contacted PlayerIO several days ago. It was PlayerIO that took forever to do anything about it, not the staff team.
Click the image to see my graphics suggestions, or here to play EE: Project M!
Offline
Joeyc wrote:Sqwairle wrote:Kira wrote:Sqwairle wrote:If you're not happy, leave the game?
You're completely irrelevant. get out.
Why not contacting Xeno instead, he will answer you that the game is doing well. Everything is under control, you're just mad because for no reasons
He's mad because all of your details get leaked like that and it only took him this long to actually do something about, I'm scared for eeu if this happens again and nobody decides to give a **** for many days. This is biggest data breach and the staff just brush it off like it's nothing
They contacted PlayerIO several days ago. It was PlayerIO that took forever to do anything about it, not the staff team.
So if PlayerIO is so crap, I think it's even more of a reason to switch to HTML5 asap.
Despite what people say, Different55 is the best mod.
Offline
I'm gonna be honest, this entire topic feels like when a big corporation **** up royally and then they have to crank out a copy pasted apology just to calm people down before they lose too much money.
This entire thing feels insincere. It took you literal days just to talk about this, Xeno. How can you sit silently while a fire is burning everywhere around you? xD
How long will it take me to get banned again?
Place your bets right here.
Offline