Data Security Breach 2 - Please Update Your Passwords

icepegasus · 2019-07-23 07:46:03

XxAtillaX wrote:

Player.IO does infact hash passwords, and it does convert to lowercase prior to hashing, which rules out any ridiculous compromise of Player.IO

It explains why logging in to ee is case insensitive, but even so the leaked passwords were all case sensitive

raprap · 2019-07-23 08:18:28

good thing i'm not in there

peace · 2019-07-23 09:43:04

maby staff acoutneds needs an extra security like after you guessedthe email and password you need to do another thing to verify youre the staffmember this could saty if ur ex staffmember for a while if there are still ways that you as ex staffmemeber can get acces to something a hacker coudl use nicely

Trytu

NoNK · 2019-07-23 11:21:52

Early 2019: Wow I hope EE comes soon
Mid 2019: Haha yes! My password hasn't been leaked this is awesome

Charlie59876EE, Mariomaster, Kikikan, SirJosh3917, Taylor, Andymakeer, PTU, kaj93, Grilyon2, Mait

Nebula · 2019-07-23 11:22:55

NoNK wrote:

Early 2019: Wow I hope EEU comes soon
Mid 2019: Haha yes! My password hasn't been leaked this is awesome

Even awesome might to come if the account isn't been leaked.

Charlie59876EE · 2019-07-23 11:55:24

Processor wrote:

I got a peek at the used passwords by Xenonetix and bytearray and both were terrible passwords that could have been easily guessed.
While these passwords were likely not the same ones used on PlayerIO, they show you the general approach staff takes with security.

How did you get access to these passwords? were they leaked as well? also if the passwords have been changed, could you tell me what they were? no reason im just curious

Gosha · 2019-07-23 12:00:51

Charlie59876EE wrote:

also if the passwords have been changed, could you tell me what they were? no reason im just curious

capasha, TaskManager, St1ckS4m(EE), EnanoTLL, SirJosh3917, Joeyjoey65

capasha · 2019-07-23 12:52:59

icepegasus wrote:

XxAtillaX wrote:
Player.IO does infact hash passwords, and it does convert to lowercase prior to hashing, which rules out any ridiculous compromise of Player.IO
It explains why logging in to ee is case insensitive, but even so the leaked passwords were all case sensitive

Did you read? Every password are converted to lowercase. If you make a password uppercase it will automatic be lowercase in all games.
Whcih mean PIO's security to password is ****. How the hack was made, so didn't they bruteforce the passwords. Because the password is both in uppercase and lowercase.
For me is there a backdoor or a swf that got added which collected passwords.

peace · 2019-07-23 16:44:58

holy **** PIO passwords should ALWAYS be case sensitive 52 characters +(all numbers and symbols) vs 26 +(al numbers and symbols) its a diffrence

Phinarose · 2019-07-23 17:11:55

XxAtillaxX wrote:

Player.IO has fairly smart security with logins. It is throttled on a very small number of failed attempts, and you won't know you've hit the throttle. It's silent. I've tried bruteforcing accounts before, it doesn't work. I'm sure many others have tried as well, and to no avail.

I don't think that it is bruteforcing.

icepegasus · 2019-07-23 22:39:04

capasha wrote:

icepegasus wrote:
XxAtillaX wrote:
Player.IO does infact hash passwords, and it does convert to lowercase prior to hashing, which rules out any ridiculous compromise of Player.IO
It explains why logging in to ee is case insensitive, but even so the leaked passwords were all case sensitive
Did you read? Every password are converted to lowercase. If you make a password uppercase it will automatic be lowercase in all games.
Whcih mean PIO's security to password is ****. How the hack was made, so didn't they bruteforce the passwords. Because the password is both in uppercase and lowercase.
For me is there a backdoor or a swf that got added which collected passwords.

Well I was talking to seb about it which he got leaked aswell, and his password was indeed case sensitive, but when he logs on ee he just uses all lowercase, yet the leak did get his uppercase letters too, so I don't think it's a bugged swf

peace · 2019-07-24 10:55:56

poor xeno http://prntscr.com/ojbpb0 someone send this ppic in th ekoong chat i checked wiht my kong alt and oma gawd alos upon opening xenos porfile noting loaded showing on home page inst possible as you cant laod agem on home page

peace · 2019-07-24 22:09:03

uh is it possible that some more accounts got affected after this post was made by you xeno? and is it possilbe that the guy could get into my kogn acc because somethign weir dhappaned ive done on my kong ee acc (which is ****) hilderens farm today or yesterday and havent entered any campaing afterwards now i wanted to play best of EE campaing (yes i finaly got in the world wihtout sever timing outs) upon joinign the first world i said do you want to overwirte MK mushrroom cup (tier 1 speedrun) i clicked yes but i neevr joined the world my usernam eon there is HRISUGRS

Xenonetix · 2019-07-25 07:21:29

peace wrote:

uh is it possible that some more accounts got affected after this post was made by you xeno?

It is. I don't believe it's possible they could have gotten any further passwords.

peace wrote:

is it possilbe that the guy could get into my kogn acc because somethign weir dhappaned ive done on my kong ee acc (which is ****) hilderens farm today or yesterday and havent entered any campaing afterwards now i wanted to play best of EE campaing

It's relatively unlikely they "got into" your account. Almost everything going on has been happening backend, so unless you share your Kong account email and password with your EE email and password, I don't see a way for other people to access your Kong account that would be in any way connected to EE.

Pqwerty, kaj93, Bobyy

soniiiety · 2019-07-27 02:20:50

YYAY my account isnt on the list

man they hacked lame accounts

Charlie59876EE · 2019-07-27 12:11:08

soniiiety wrote:

YYAY my account isnt on the list
man they hacked lame accounts

and my account

Joeyjoey65

peace · 2019-07-27 15:26:36

uh guys the game is closed but the hackers still have acdes so uhm yeah

Grilyon2

Spongelito · 2019-07-28 21:32:58

EE looks different now with the text having a basic look. What happened?

Alejandroc33 · 2019-07-28 23:57:49

What will happen to those of us who play for Kongregate?

mrjawapa · 2019-07-29 00:37:40

peace wrote:

maby staff acoutneds needs an extra security like after you guessedthe email and password you need to do another thing to verify youre the staffmember this could saty if ur ex staffmember for a while if there are still ways that you as ex staffmemeber can get acces to something a hacker coudl use nicely

This is actually a good idea. 2fa would be fine, and could be in place for everyone.

But we've had issues with past staff accounts.

NoNK · 2019-07-29 01:34:07

We already have 2factor, one's your username the others your password

Processor · 2019-07-29 01:52:09

NoNK wrote:

We already have 2factor, one's your username the others your password

thats not how this works

two passwords is still one factor

Raphe9000, Gosha, Slabdrill

Aoitenshi · 2019-07-29 05:34:14

"Kongregate is crap"

That did not age well.

Gosha · 2019-07-29 06:33:07

NoNK wrote:

We already have 2factor, one's your username the others your password

1) that's not how it works
2) you can actually login without knowing email, so if you are trying to hack someone, you just need to guess the password

Norwee · 2019-07-29 06:41:14

Is the Kongregate version actually safe to use?

Official Everybody Edits Forums

#51 2019-07-23 07:46:03

Re: Data Security Breach 2 - Please Update Your Passwords

#52 2019-07-23 08:18:28

Re: Data Security Breach 2 - Please Update Your Passwords

#53 2019-07-23 09:43:04

Re: Data Security Breach 2 - Please Update Your Passwords

#54 2019-07-23 11:21:52

Re: Data Security Breach 2 - Please Update Your Passwords

#55 2019-07-23 11:22:55

Re: Data Security Breach 2 - Please Update Your Passwords

#56 2019-07-23 11:55:24

Re: Data Security Breach 2 - Please Update Your Passwords

#57 2019-07-23 12:00:51

Re: Data Security Breach 2 - Please Update Your Passwords

#58 2019-07-23 12:52:59

Re: Data Security Breach 2 - Please Update Your Passwords

#59 2019-07-23 16:44:58

Re: Data Security Breach 2 - Please Update Your Passwords

#60 2019-07-23 17:11:55, last edited by Phinarose (2019-07-23 17:12:31)

Re: Data Security Breach 2 - Please Update Your Passwords

#61 2019-07-23 22:39:04

Re: Data Security Breach 2 - Please Update Your Passwords

#62 2019-07-24 10:55:56

Re: Data Security Breach 2 - Please Update Your Passwords

#63 2019-07-24 22:09:03

Re: Data Security Breach 2 - Please Update Your Passwords

#64 2019-07-25 07:21:29

Re: Data Security Breach 2 - Please Update Your Passwords

#65 2019-07-27 02:20:50

Re: Data Security Breach 2 - Please Update Your Passwords

#66 2019-07-27 12:11:08

Re: Data Security Breach 2 - Please Update Your Passwords

#67 2019-07-27 15:26:36

Re: Data Security Breach 2 - Please Update Your Passwords

#68 2019-07-28 21:32:58

Re: Data Security Breach 2 - Please Update Your Passwords

#69 2019-07-28 23:57:49

Re: Data Security Breach 2 - Please Update Your Passwords

#70 2019-07-29 00:37:40

Re: Data Security Breach 2 - Please Update Your Passwords

#71 2019-07-29 01:34:07

Re: Data Security Breach 2 - Please Update Your Passwords

#72 2019-07-29 01:52:09

Re: Data Security Breach 2 - Please Update Your Passwords

#73 2019-07-29 05:34:14, last edited by Aoitenshi (2019-07-29 05:37:38)

Re: Data Security Breach 2 - Please Update Your Passwords

#74 2019-07-29 06:33:07

Re: Data Security Breach 2 - Please Update Your Passwords

#75 2019-07-29 06:41:14

Re: Data Security Breach 2 - Please Update Your Passwords

Board footer