PDA

View Full Version : Handful of Accounts are Breached


Nozemi
05-19-2019, 07:13 AM
The breach was from a leaked database! as we've mentioned multiple times. Don't reuse your passwords. The databases for RSPS projects are commonly leaked or even released. If you've reused your password, we highly recommend changing it asap!

--------------------

I'm highly recommending everyone to use complex passwords! We have just had an incident where someone have gained access to a handful of accounts. If yours is one of the, contact me on Discord, and we'll sort this out.

My theory so far is that someone bruteforced (basically a piece of software designed to try passwords until one is a match) random accounts. Doesn't look like any admin accounts have been affected by this.

I will get this cleaned up, and I also have a theory on where this occurred. I added a temporary fix to prevent this from happening again, but I'm not sure if that was the source for the breach(es).

Jabast
05-19-2019, 07:20 AM
Good thing you're on this, hope we can resolve this asap.

K B D K0
05-19-2019, 07:55 AM
Can't post anywhere only here, not even allowed to view the portal.

Nozemi
05-19-2019, 09:26 AM
Can't post anywhere only here, not even allowed to view the portal.

Should now be sorted!

Nozemi
05-19-2019, 09:27 AM
Good thing you're on this, hope we can resolve this asap.

It's a bit of work, so hopefully we'll have this cleaned up within the next 12 hours, for everyone :)

Kreepy
05-19-2019, 09:57 AM
Sadly this happens from time to time. Glad to see more security added.

Conscio
05-24-2019, 07:32 PM
Who leaked?

Nozemi
05-25-2019, 06:08 AM
Who leaked?

What do you mean who leaked? Databases for previous projects are leaked all the time. Sometimes databases are hacked as well. It's quite common, not only in RSPS scene, but generally.

So if you're trying to find someone to blame, well... The only people to blame are those who use weak or compromised passwords.

Conscio
05-26-2019, 05:52 PM
What do you mean who leaked? Databases for previous projects are leaked all the time. Sometimes databases are hacked as well. It's quite common, not only in RSPS scene, but generally.

So if you're trying to find someone to blame, well... The only people to blame are those who use weak or compromised passwords.

Oh, we have a misunderstanding. In your post you didn't imply that the leak was from long ago, it read to me that this leak was recent.

I asked who leaked so that I know who not to give administrative privileges in the future.

Nozemi
05-26-2019, 07:33 PM
Oh, we have a misunderstanding. In your post you didn't imply that the leak was from long ago, it read to me that this leak was recent.

I asked who leaked so that I know who not to give administrative privileges in the future.

Oh, my bad I guess. Either way, to my knowledge, the current database has not been leaked. I seriously doubt anyone on the staff team would ever leak a database while project is live.

When a project is dead, and server is offline, the files are sometimes shared with people. Which means people might also get their hands on a copy of a previous database.

Personally, if I were to release files, I would remove any information that is sensitive enough (emails, passwords, IPs etc)