Has EE got pwned (Breach) again? Is it safe to continue playing EE?

Minimania · 2020-08-01 18:57:28

Minisaurus wrote:

Xenonetix said that attacks can be expected, so I wonder how bad can the next attacks be (EE is exposed to whatever hacker, not necessarily known ones)
The staff said that all user data is secured, but I am certainly worried of what the staff consider "safe"
How much damage can the hacker do to the player (About Privacy & Security) theoretically?

Given the extent of the hack made a few days ago, I'd venture a guess and say that the most damage a hacker can do to a player right now is:

• Delete all of their account data
• Give them admin powers
• Give them gems
• Give them access to all blocks and smileys
• Edit their worlds, including the ability to clear their world and save
• By extension, delete the campaigns
• Otherwise alter the campaigns in such a way to make them impossible or to make them easy
• Kick players from worlds they don't own, including the world owners
• Change their username one or a few times
• Edit crew data

I don't have any proof that this is the fullest extent of what a hacker can do to the game, but based solely on statements made by the developers after the hack before the last one, and Atilla's actions during this hack, this is what I assume to be it

LukeM · 2020-08-01 19:09:42

Crybaby wrote:

Minisaurus wrote:
Xenonetix said that attacks can be expected, so I wonder how bad can the next attacks be (EE is exposed to whatever hacker, not necessarily known ones)
The staff said that all user data is secured, but I am certainly worried of what the staff consider "safe"
How much damage can the hacker do to the player (About Privacy & Security) theoretically?
Given the extent of the hack made a few days ago, I'd venture a guess and say that the most damage a hacker can do to a player right now is:
• Delete all of their account data
• Give them admin powers
• Give them gems
• Give them access to all blocks and smileys
• Edit their worlds, including the ability to clear their world and save
• By extension, delete the campaigns
• Otherwise alter the campaigns in such a way to make them impossible or to make them easy
• Kick players from worlds they don't own, including the world owners
• Change their username one or a few times
• Edit crew data

I don't have any proof that this is the fullest extent of what a hacker can do to the game, but based solely on statements made by the developers after the hack before the last one, and Atilla's actions during this hack, this is what I assume to be it

I'm not part of the staff team anymore but I've been speaking with some of them and I was there for the previous hacking incidents so I have a rough idea of what's going on:

- Atilla only modified data from the database (i.e. most of the things you mentioned).
- He also claimed to have access to the source code for EE and EEU, but has not yet done anything that proves he does.
- They have no evidence of how atilla got access, and have not yet found any exploits that would allow him to do so other than finding out one of their passwords.
- Although atilla hasn't yet done anything other than manipulate database data, if he did find out someone's password he could likely do a lot more.
- I don't believe atilla would do anything dangerous such as collect/leak user passwords, but if he can gain access it's likely that others can too.
- Currently the staff have changed their passwords and restored data, but afaik they don't know whether that was the attack atilla used and haven't done anything meaningful to prevent him (or anyone else) from getting passwords again.
- A vunerability I found last year allows anyone who had a staff password to continue to have access indefinitely until the game is transferred to a new PlayerIO account.
- I don't believe they've completed such a transfer yet.
- Xeno has started up the game again and is asserting that it is "completely safe".

Minimania

Nebula · 2020-08-01 22:14:37

LukeM wrote:

Crybaby wrote:
Minisaurus wrote:
Xenonetix said that attacks can be expected, so I wonder how bad can the next attacks be (EE is exposed to whatever hacker, not necessarily known ones)
The staff said that all user data is secured, but I am certainly worried of what the staff consider "safe"
How much damage can the hacker do to the player (About Privacy & Security) theoretically?
Given the extent of the hack made a few days ago, I'd venture a guess and say that the most damage a hacker can do to a player right now is:
• Delete all of their account data
• Give them admin powers
• Give them gems
• Give them access to all blocks and smileys
• Edit their worlds, including the ability to clear their world and save
• By extension, delete the campaigns
• Otherwise alter the campaigns in such a way to make them impossible or to make them easy
• Kick players from worlds they don't own, including the world owners
• Change their username one or a few times
• Edit crew data

I don't have any proof that this is the fullest extent of what a hacker can do to the game, but based solely on statements made by the developers after the hack before the last one, and Atilla's actions during this hack, this is what I assume to be it
I'm not part of the staff team anymore but I've been speaking with some of them and I was there for the previous hacking incidents so I have a rough idea of what's going on:
- Atilla only modified data from the database (i.e. most of the things you mentioned).
- He also claimed to have access to the source code for EE and EEU, but has not yet done anything that proves he does.
- They have no evidence of how atilla got access, and have not yet found any exploits that would allow him to do so other than finding out one of their passwords.
- Although atilla hasn't yet done anything other than manipulate database data, if he did find out someone's password he could likely do a lot more.
- I don't believe atilla would do anything dangerous such as collect/leak user passwords, but if he can gain access it's likely that others can too.
- Currently the staff have changed their passwords and restored data, but afaik they don't know whether that was the attack atilla used and haven't done anything meaningful to prevent him (or anyone else) from getting passwords again.
- A vunerability I found last year allows anyone who had a staff password to continue to have access indefinitely until the game is transferred to a new PlayerIO account.
- I don't believe they've completed such a transfer yet.
- Xeno has started up the game again and is asserting that it is "completely safe".

proof that atilla is more pro than xeno on ee&eeu hoorah

TaskManager · 2020-08-02 00:09:45

Nebula wrote:

LukeM wrote:
Crybaby wrote:
Minisaurus wrote:
Xenonetix said that attacks can be expected, so I wonder how bad can the next attacks be (EE is exposed to whatever hacker, not necessarily known ones)
The staff said that all user data is secured, but I am certainly worried of what the staff consider "safe"
How much damage can the hacker do to the player (About Privacy & Security) theoretically?
Given the extent of the hack made a few days ago, I'd venture a guess and say that the most damage a hacker can do to a player right now is:
• Delete all of their account data
• Give them admin powers
• Give them gems
• Give them access to all blocks and smileys
• Edit their worlds, including the ability to clear their world and save
• By extension, delete the campaigns
• Otherwise alter the campaigns in such a way to make them impossible or to make them easy
• Kick players from worlds they don't own, including the world owners
• Change their username one or a few times
• Edit crew data

I don't have any proof that this is the fullest extent of what a hacker can do to the game, but based solely on statements made by the developers after the hack before the last one, and Atilla's actions during this hack, this is what I assume to be it
I'm not part of the staff team anymore but I've been speaking with some of them and I was there for the previous hacking incidents so I have a rough idea of what's going on:
- Atilla only modified data from the database (i.e. most of the things you mentioned).
- He also claimed to have access to the source code for EE and EEU, but has not yet done anything that proves he does.
- They have no evidence of how atilla got access, and have not yet found any exploits that would allow him to do so other than finding out one of their passwords.
- Although atilla hasn't yet done anything other than manipulate database data, if he did find out someone's password he could likely do a lot more.
- I don't believe atilla would do anything dangerous such as collect/leak user passwords, but if he can gain access it's likely that others can too.
- Currently the staff have changed their passwords and restored data, but afaik they don't know whether that was the attack atilla used and haven't done anything meaningful to prevent him (or anyone else) from getting passwords again.
- A vunerability I found last year allows anyone who had a staff password to continue to have access indefinitely until the game is transferred to a new PlayerIO account.
- I don't believe they've completed such a transfer yet.
- Xeno has started up the game again and is asserting that it is "completely safe".
proof that atilla is more pro than xeno on ee&eeu hoorah

werent you quitting

Gosha, Jorc, Joeyjoey65

Nebula · 2020-08-02 09:22:09

TaskManager wrote:

Nebula wrote:
LukeM wrote:
Crybaby wrote:
Minisaurus wrote:
Xenonetix said that attacks can be expected, so I wonder how bad can the next attacks be (EE is exposed to whatever hacker, not necessarily known ones)
The staff said that all user data is secured, but I am certainly worried of what the staff consider "safe"
How much damage can the hacker do to the player (About Privacy & Security) theoretically?
Given the extent of the hack made a few days ago, I'd venture a guess and say that the most damage a hacker can do to a player right now is:
• Delete all of their account data
• Give them admin powers
• Give them gems
• Give them access to all blocks and smileys
• Edit their worlds, including the ability to clear their world and save
• By extension, delete the campaigns
• Otherwise alter the campaigns in such a way to make them impossible or to make them easy
• Kick players from worlds they don't own, including the world owners
• Change their username one or a few times
• Edit crew data

I don't have any proof that this is the fullest extent of what a hacker can do to the game, but based solely on statements made by the developers after the hack before the last one, and Atilla's actions during this hack, this is what I assume to be it
I'm not part of the staff team anymore but I've been speaking with some of them and I was there for the previous hacking incidents so I have a rough idea of what's going on:
- Atilla only modified data from the database (i.e. most of the things you mentioned).
- He also claimed to have access to the source code for EE and EEU, but has not yet done anything that proves he does.
- They have no evidence of how atilla got access, and have not yet found any exploits that would allow him to do so other than finding out one of their passwords.
- Although atilla hasn't yet done anything other than manipulate database data, if he did find out someone's password he could likely do a lot more.
- I don't believe atilla would do anything dangerous such as collect/leak user passwords, but if he can gain access it's likely that others can too.
- Currently the staff have changed their passwords and restored data, but afaik they don't know whether that was the attack atilla used and haven't done anything meaningful to prevent him (or anyone else) from getting passwords again.
- A vunerability I found last year allows anyone who had a staff password to continue to have access indefinitely until the game is transferred to a new PlayerIO account.
- I don't believe they've completed such a transfer yet.
- Xeno has started up the game again and is asserting that it is "completely safe".
proof that atilla is more pro than xeno on ee&eeu hoorah
werent you quitting

weren't you paying attention at other posters than me, im just a lurker from now on, I have paid attention at Diff to delete my forum account already.

Minimania · 2020-08-02 09:29:38

Nebula wrote:

TaskManager wrote:
Nebula wrote:
LukeM wrote:
Crybaby wrote:
Given the extent of the hack made a few days ago, I'd venture a guess and say that the most damage a hacker can do to a player right now is:
• Delete all of their account data
• Give them admin powers
• Give them gems
• Give them access to all blocks and smileys
• Edit their worlds, including the ability to clear their world and save
• By extension, delete the campaigns
• Otherwise alter the campaigns in such a way to make them impossible or to make them easy
• Kick players from worlds they don't own, including the world owners
• Change their username one or a few times
• Edit crew data

I don't have any proof that this is the fullest extent of what a hacker can do to the game, but based solely on statements made by the developers after the hack before the last one, and Atilla's actions during this hack, this is what I assume to be it
I'm not part of the staff team anymore but I've been speaking with some of them and I was there for the previous hacking incidents so I have a rough idea of what's going on:
- Atilla only modified data from the database (i.e. most of the things you mentioned).
- He also claimed to have access to the source code for EE and EEU, but has not yet done anything that proves he does.
- They have no evidence of how atilla got access, and have not yet found any exploits that would allow him to do so other than finding out one of their passwords.
- Although atilla hasn't yet done anything other than manipulate database data, if he did find out someone's password he could likely do a lot more.
- I don't believe atilla would do anything dangerous such as collect/leak user passwords, but if he can gain access it's likely that others can too.
- Currently the staff have changed their passwords and restored data, but afaik they don't know whether that was the attack atilla used and haven't done anything meaningful to prevent him (or anyone else) from getting passwords again.
- A vunerability I found last year allows anyone who had a staff password to continue to have access indefinitely until the game is transferred to a new PlayerIO account.
- I don't believe they've completed such a transfer yet.
- Xeno has started up the game again and is asserting that it is "completely safe".
proof that atilla is more pro than xeno on ee&eeu hoorah
werent you quitting
weren't you paying attention at other posters than me, im just a lurker from now on, I have paid attention at Diff to delete my forum account already.

Was this worth quoting the whole paragraph long posts from above just for the people reading this to suffer through?

St1ckS4m(EE)

peace · 2020-08-02 10:41:43

Andymakeer wrote:

why would someone hack EE?
that person may be a really sad person...

i agree you get like information form how many people here? (i belive there are liek ~1-1.5M accounts created on Ee) while some game sliek fortnite an dminecrafts... have way mroe data to steal (harder sure but more) i alo sdont get why oyou want to hack a game that is goign to get shutdown what do you gian?

Different55 · 2020-08-02 15:11:15

peace wrote:

Andymakeer wrote:
why would someone hack EE?
that person may be a really sad person...
i agree you get like information form how many people here? (i belive there are liek ~1-1.5M accounts created on Ee) while some game sliek fortnite an dminecrafts... have way mroe data to steal (harder sure but more) i alo sdont get why oyou want to hack a game that is goign to get shutdown what do you gian?

Petty self satisfaction I'd imagine

mutantdevle, Joeyjoey65, St1ckS4m(EE), Andymakeer

capasha · 2020-08-02 21:40:40

peace wrote:

i agree you get like information form how many people here? (i belive there are liek ~1-1.5M accounts created on Ee) while some game sliek fortnite an dminecrafts... have way mroe data to steal (harder sure but more)

The people that use same password on ee could use same password on minecraft or any game or site.
It's like this everywhere. The reason that combo list exist, and it's really scary how many too.
A combo list often contains email:password or username:password. People then run this against other sites.

St1ckS4m(EE), Snowester

peace · 2020-08-03 07:39:39

hmmm till they dont get much data siince the player base si small alos apascha mod?

Official Everybody Edits Forums

#26 2020-08-01 18:57:28

Re: Has EE got pwned (Breach) again? Is it safe to continue playing EE?

#27 2020-08-01 19:09:42, last edited by LukeM (2020-08-01 19:14:49)

Re: Has EE got pwned (Breach) again? Is it safe to continue playing EE?

#28 2020-08-01 22:14:37

Re: Has EE got pwned (Breach) again? Is it safe to continue playing EE?

#29 2020-08-02 00:09:45

Re: Has EE got pwned (Breach) again? Is it safe to continue playing EE?

#30 2020-08-02 09:22:09

Re: Has EE got pwned (Breach) again? Is it safe to continue playing EE?

#31 2020-08-02 09:29:38

Re: Has EE got pwned (Breach) again? Is it safe to continue playing EE?

#32 2020-08-02 10:41:43

Re: Has EE got pwned (Breach) again? Is it safe to continue playing EE?

#33 2020-08-02 15:11:15

Re: Has EE got pwned (Breach) again? Is it safe to continue playing EE?

#34 2020-08-02 21:40:40

Re: Has EE got pwned (Breach) again? Is it safe to continue playing EE?

#35 2020-08-03 07:39:39

Re: Has EE got pwned (Breach) again? Is it safe to continue playing EE?

Board footer