Official Everybody Edits Forums

Do you think I could just leave this part blank and it'd be okay? We're just going to replace the whole thing with a header image anyway, right?

You are not logged in.

#26 2020-08-01 18:57:28

Crybaby
Formerly minimania
From: Cant Count
Joined: 2015-02-22
Posts: 5,629

Re: Has EE got pwned (Breach) again? Is it safe to continue playing EE?

Minisaurus wrote:

Xenonetix said that attacks can be expected, so I wonder how bad can the next attacks be (EE is exposed to whatever hacker, not necessarily known ones)
The staff said that all user data is secured, but I am certainly worried of what the staff consider "safe"
How much damage can the hacker do to the player (About Privacy & Security) theoretically?

Given the extent of the hack made a few days ago, I'd venture a guess and say that the most damage a hacker can do to a player right now is:

• Delete all of their account data
• Give them admin powers
• Give them gems
• Give them access to all blocks and smileys
• Edit their worlds, including the ability to clear their world and save
• By extension, delete the campaigns
• Otherwise alter the campaigns in such a way to make them impossible or to make them easy
• Kick players from worlds they don't own, including the world owners
• Change their username one or a few times
• Edit crew data


I don't have any proof that this is the fullest extent of what a hacker can do to the game, but based solely on statements made by the developers after the hack before the last one, and Atilla's actions during this hack, this is what I assume to be it


unknown.png
Click to see my graphics. Now.

Offline

#27 2020-08-01 19:09:42, last edited by LukeM (2020-08-01 19:14:49)

LukeM
Member
From: England
Joined: 2016-06-03
Posts: 2,945
Website

Re: Has EE got pwned (Breach) again? Is it safe to continue playing EE?

Crybaby wrote:
Minisaurus wrote:

Xenonetix said that attacks can be expected, so I wonder how bad can the next attacks be (EE is exposed to whatever hacker, not necessarily known ones)
The staff said that all user data is secured, but I am certainly worried of what the staff consider "safe"
How much damage can the hacker do to the player (About Privacy & Security) theoretically?

Given the extent of the hack made a few days ago, I'd venture a guess and say that the most damage a hacker can do to a player right now is:

• Delete all of their account data
• Give them admin powers
• Give them gems
• Give them access to all blocks and smileys
• Edit their worlds, including the ability to clear their world and save
• By extension, delete the campaigns
• Otherwise alter the campaigns in such a way to make them impossible or to make them easy
• Kick players from worlds they don't own, including the world owners
• Change their username one or a few times
• Edit crew data


I don't have any proof that this is the fullest extent of what a hacker can do to the game, but based solely on statements made by the developers after the hack before the last one, and Atilla's actions during this hack, this is what I assume to be it

I'm not part of the staff team anymore but I've been speaking with some of them and I was there for the previous hacking incidents so I have a rough idea of what's going on:

- Atilla only modified data from the database (i.e. most of the things you mentioned).
- He also claimed to have access to the source code for EE and EEU, but has not yet done anything that proves he does.
- They have no evidence of how atilla got access, and have not yet found any exploits that would allow him to do so other than finding out one of their passwords.
- Although atilla hasn't yet done anything other than manipulate database data, if he did find out someone's password he could likely do a lot more.
- I don't believe atilla would do anything dangerous such as collect/leak user passwords, but if he can gain access it's likely that others can too.
- Currently the staff have changed their passwords and restored data, but afaik they don't know whether that was the attack atilla used and haven't done anything meaningful to prevent him (or anyone else) from getting passwords again.
- A vunerability I found last year allows anyone who had a staff password to continue to have access indefinitely until the game is transferred to a new PlayerIO account.
- I don't believe they've completed such a transfer yet.
- Xeno has started up the game again and is asserting that it is "completely safe".

Offline

Wooted by:

#28 2020-08-01 22:14:37

Nebula
Guest

Re: Has EE got pwned (Breach) again? Is it safe to continue playing EE?

LukeM wrote:
Crybaby wrote:
Minisaurus wrote:

Xenonetix said that attacks can be expected, so I wonder how bad can the next attacks be (EE is exposed to whatever hacker, not necessarily known ones)
The staff said that all user data is secured, but I am certainly worried of what the staff consider "safe"
How much damage can the hacker do to the player (About Privacy & Security) theoretically?

Given the extent of the hack made a few days ago, I'd venture a guess and say that the most damage a hacker can do to a player right now is:

• Delete all of their account data
• Give them admin powers
• Give them gems
• Give them access to all blocks and smileys
• Edit their worlds, including the ability to clear their world and save
• By extension, delete the campaigns
• Otherwise alter the campaigns in such a way to make them impossible or to make them easy
• Kick players from worlds they don't own, including the world owners
• Change their username one or a few times
• Edit crew data


I don't have any proof that this is the fullest extent of what a hacker can do to the game, but based solely on statements made by the developers after the hack before the last one, and Atilla's actions during this hack, this is what I assume to be it

I'm not part of the staff team anymore but I've been speaking with some of them and I was there for the previous hacking incidents so I have a rough idea of what's going on:

- Atilla only modified data from the database (i.e. most of the things you mentioned).
- He also claimed to have access to the source code for EE and EEU, but has not yet done anything that proves he does.
- They have no evidence of how atilla got access, and have not yet found any exploits that would allow him to do so other than finding out one of their passwords.
- Although atilla hasn't yet done anything other than manipulate database data, if he did find out someone's password he could likely do a lot more.
- I don't believe atilla would do anything dangerous such as collect/leak user passwords, but if he can gain access it's likely that others can too.
- Currently the staff have changed their passwords and restored data, but afaik they don't know whether that was the attack atilla used and haven't done anything meaningful to prevent him (or anyone else) from getting passwords again.
- A vunerability I found last year allows anyone who had a staff password to continue to have access indefinitely until the game is transferred to a new PlayerIO account.
- I don't believe they've completed such a transfer yet.
- Xeno has started up the game again and is asserting that it is "completely safe".

proof that atilla is more pro than xeno on ee&eeu hoorah

#29 2020-08-02 00:09:45

TaskManager
Formerly maxi123
From: i really should update this
Joined: 2015-03-01
Posts: 9,107

Re: Has EE got pwned (Breach) again? Is it safe to continue playing EE?

Nebula wrote:
LukeM wrote:
Crybaby wrote:
Minisaurus wrote:

Xenonetix said that attacks can be expected, so I wonder how bad can the next attacks be (EE is exposed to whatever hacker, not necessarily known ones)
The staff said that all user data is secured, but I am certainly worried of what the staff consider "safe"
How much damage can the hacker do to the player (About Privacy & Security) theoretically?

Given the extent of the hack made a few days ago, I'd venture a guess and say that the most damage a hacker can do to a player right now is:

• Delete all of their account data
• Give them admin powers
• Give them gems
• Give them access to all blocks and smileys
• Edit their worlds, including the ability to clear their world and save
• By extension, delete the campaigns
• Otherwise alter the campaigns in such a way to make them impossible or to make them easy
• Kick players from worlds they don't own, including the world owners
• Change their username one or a few times
• Edit crew data


I don't have any proof that this is the fullest extent of what a hacker can do to the game, but based solely on statements made by the developers after the hack before the last one, and Atilla's actions during this hack, this is what I assume to be it

I'm not part of the staff team anymore but I've been speaking with some of them and I was there for the previous hacking incidents so I have a rough idea of what's going on:

- Atilla only modified data from the database (i.e. most of the things you mentioned).
- He also claimed to have access to the source code for EE and EEU, but has not yet done anything that proves he does.
- They have no evidence of how atilla got access, and have not yet found any exploits that would allow him to do so other than finding out one of their passwords.
- Although atilla hasn't yet done anything other than manipulate database data, if he did find out someone's password he could likely do a lot more.
- I don't believe atilla would do anything dangerous such as collect/leak user passwords, but if he can gain access it's likely that others can too.
- Currently the staff have changed their passwords and restored data, but afaik they don't know whether that was the attack atilla used and haven't done anything meaningful to prevent him (or anyone else) from getting passwords again.
- A vunerability I found last year allows anyone who had a staff password to continue to have access indefinitely until the game is transferred to a new PlayerIO account.
- I don't believe they've completed such a transfer yet.
- Xeno has started up the game again and is asserting that it is "completely safe".

proof that atilla is more pro than xeno on ee&eeu hoorah

werent you quitting


i8SwC8p.png
signature by HG, profile picture by bluecloud, thank!!
previous signature by drstereos

Offline

Wooted by: (3)

#30 2020-08-02 09:22:09

Nebula
Guest

Re: Has EE got pwned (Breach) again? Is it safe to continue playing EE?

TaskManager wrote:
Nebula wrote:
LukeM wrote:
Crybaby wrote:
Minisaurus wrote:

Xenonetix said that attacks can be expected, so I wonder how bad can the next attacks be (EE is exposed to whatever hacker, not necessarily known ones)
The staff said that all user data is secured, but I am certainly worried of what the staff consider "safe"
How much damage can the hacker do to the player (About Privacy & Security) theoretically?

Given the extent of the hack made a few days ago, I'd venture a guess and say that the most damage a hacker can do to a player right now is:

• Delete all of their account data
• Give them admin powers
• Give them gems
• Give them access to all blocks and smileys
• Edit their worlds, including the ability to clear their world and save
• By extension, delete the campaigns
• Otherwise alter the campaigns in such a way to make them impossible or to make them easy
• Kick players from worlds they don't own, including the world owners
• Change their username one or a few times
• Edit crew data


I don't have any proof that this is the fullest extent of what a hacker can do to the game, but based solely on statements made by the developers after the hack before the last one, and Atilla's actions during this hack, this is what I assume to be it

I'm not part of the staff team anymore but I've been speaking with some of them and I was there for the previous hacking incidents so I have a rough idea of what's going on:

- Atilla only modified data from the database (i.e. most of the things you mentioned).
- He also claimed to have access to the source code for EE and EEU, but has not yet done anything that proves he does.
- They have no evidence of how atilla got access, and have not yet found any exploits that would allow him to do so other than finding out one of their passwords.
- Although atilla hasn't yet done anything other than manipulate database data, if he did find out someone's password he could likely do a lot more.
- I don't believe atilla would do anything dangerous such as collect/leak user passwords, but if he can gain access it's likely that others can too.
- Currently the staff have changed their passwords and restored data, but afaik they don't know whether that was the attack atilla used and haven't done anything meaningful to prevent him (or anyone else) from getting passwords again.
- A vunerability I found last year allows anyone who had a staff password to continue to have access indefinitely until the game is transferred to a new PlayerIO account.
- I don't believe they've completed such a transfer yet.
- Xeno has started up the game again and is asserting that it is "completely safe".

proof that atilla is more pro than xeno on ee&eeu hoorah

werent you quitting

weren't you paying attention at other posters than me, im just a lurker from now on, I have paid attention at Diff to delete my forum account already.

#31 2020-08-02 09:29:38

Crybaby
Formerly minimania
From: Cant Count
Joined: 2015-02-22
Posts: 5,629

Re: Has EE got pwned (Breach) again? Is it safe to continue playing EE?

Nebula wrote:
TaskManager wrote:
Nebula wrote:
LukeM wrote:
Crybaby wrote:

Given the extent of the hack made a few days ago, I'd venture a guess and say that the most damage a hacker can do to a player right now is:

• Delete all of their account data
• Give them admin powers
• Give them gems
• Give them access to all blocks and smileys
• Edit their worlds, including the ability to clear their world and save
• By extension, delete the campaigns
• Otherwise alter the campaigns in such a way to make them impossible or to make them easy
• Kick players from worlds they don't own, including the world owners
• Change their username one or a few times
• Edit crew data


I don't have any proof that this is the fullest extent of what a hacker can do to the game, but based solely on statements made by the developers after the hack before the last one, and Atilla's actions during this hack, this is what I assume to be it

I'm not part of the staff team anymore but I've been speaking with some of them and I was there for the previous hacking incidents so I have a rough idea of what's going on:

- Atilla only modified data from the database (i.e. most of the things you mentioned).
- He also claimed to have access to the source code for EE and EEU, but has not yet done anything that proves he does.
- They have no evidence of how atilla got access, and have not yet found any exploits that would allow him to do so other than finding out one of their passwords.
- Although atilla hasn't yet done anything other than manipulate database data, if he did find out someone's password he could likely do a lot more.
- I don't believe atilla would do anything dangerous such as collect/leak user passwords, but if he can gain access it's likely that others can too.
- Currently the staff have changed their passwords and restored data, but afaik they don't know whether that was the attack atilla used and haven't done anything meaningful to prevent him (or anyone else) from getting passwords again.
- A vunerability I found last year allows anyone who had a staff password to continue to have access indefinitely until the game is transferred to a new PlayerIO account.
- I don't believe they've completed such a transfer yet.
- Xeno has started up the game again and is asserting that it is "completely safe".

proof that atilla is more pro than xeno on ee&eeu hoorah

werent you quitting

weren't you paying attention at other posters than me, im just a lurker from now on, I have paid attention at Diff to delete my forum account already.

Was this worth quoting the whole paragraph long posts from above just for the people reading this to suffer through?


unknown.png
Click to see my graphics. Now.

Offline

Wooted by:

#32 2020-08-02 10:41:43

peace
Member
From: admin land
Joined: 2015-08-10
Posts: 8,965

Re: Has EE got pwned (Breach) again? Is it safe to continue playing EE?

Andymakeer wrote:

why would someone hack EE?
that person may be a really sad person...

i agree you get like information form how many people here? (i belive there are liek ~1-1.5M accounts created on Ee) while some game sliek fortnite an dminecrafts... have way mroe data to steal (harder sure but more) i alo sdont get why oyou want to hack a game that is goign to get shutdown what do you gian?


peace.png

thanks hg for making this much better and ty for my avatar aswell

Offline

#33 2020-08-02 15:11:15

Different55
Forum Admin
Joined: 2015-02-07
Posts: 16,395

Re: Has EE got pwned (Breach) again? Is it safe to continue playing EE?

peace wrote:
Andymakeer wrote:

why would someone hack EE?
that person may be a really sad person...

i agree you get like information form how many people here? (i belive there are liek ~1-1.5M accounts created on Ee) while some game sliek fortnite an dminecrafts... have way mroe data to steal (harder sure but more) i alo sdont get why oyou want to hack a game that is goign to get shutdown what do you gian?

Petty self satisfaction I'd imagine


"Sometimes failing a leap of faith is better than inching forward"
- ShinsukeIto

Offline

#34 2020-08-02 21:40:40

capasha
Moderation Team
Joined: 2015-02-21
Posts: 3,931
Website

Re: Has EE got pwned (Breach) again? Is it safe to continue playing EE?

peace wrote:

i agree you get like information form how many people here? (i belive there are liek ~1-1.5M accounts created on Ee) while some game sliek fortnite an dminecrafts... have way mroe data to steal (harder sure but more)

The people that use same password on ee could use same password on minecraft or any game or site.
It's like this everywhere. The reason that combo list exist, and it's really scary how many too.
A combo list often contains email:password or username:password. People then run this against other sites.

Offline

Wooted by: (3)

#35 2020-08-03 07:39:39

peace
Member
From: admin land
Joined: 2015-08-10
Posts: 8,965

Re: Has EE got pwned (Breach) again? Is it safe to continue playing EE?

hmmm till they dont get much data siince the player base si small alos apascha mod?


peace.png

thanks hg for making this much better and ty for my avatar aswell

Offline

peace1596436779783786

Board footer

Powered by FluxBB

[ Started around 1597205074.7229 - Generated in 0.053 seconds, 12 queries executed - Memory usage: 1.55 MiB (Peak: 1.75 MiB) ]