[READ] Recent server breach

[Llamas]

Update:

Stuff continues to be worked on by Tommy and Frost before the server is gonna be able to be reopened. Admins have to get all new passwords for the ACP/IG accounts then after all that the server will probably be able to be re-opened.

No ETA yet from Frost or Tommy but I assume it shouldn't be to long.

Server is up m8 what are you talking about?

See, What a great update I gave.

 

[Matty]

The passwords were not stored in plain text, they were properly hashed. Admins and certain testers/helpers were the actual target. The leaked password database was around 4 months old and was hoarded and now leaked by ex-developer Booth.

(added this to the main post)



On another note - the server is back up.

4 months old? Thank god I changed my passwords like 2 months ago.

 

[Jboi]

I hold server management accountable and responsible for lacking serious security or pro-active protective measures for breaches like this.
Unacceptable.
Because if whoever did this can pull this off without too much effort apparently, anyone with some technical knowledge could have.

You should only blame people with weak passwords.

Data Protection Laws require the data holders, ie the people maintaining the database and so on responsible for making data as secure as possible. If the passwords were as secure as possible on the database side then sure, blame everybody else. But that wasn't the case, they were (apparently) using a simple hashing algorithm that can be cracked in milliseconds using online tools.

That, does not make sense at all.
This is a server on SA-MP; not a company that holds millions of information.

Fr0st does everything possible to secure this information to the best of their abilities, and i'd shoot myself in the head if he didn't.

"This is a server on SA-MP; not a company that holds millions of information." - They're holding sensitive data. That doesn't make them exempt from securing it. People use their RC:RP passwords probably for most of their other accounts, the burden doesn't lie on the user - it lies on the person holding the data. It's common sense to anybody making any form of program/service that will be holding user data to make it secure as possible. It would've taken one small step to secure the passwords, using a random salting algorithm; that isn't rocket science.

Don't get me wrong, I don't see the point in arguing about it. But I think the point needs to be made so this mistake never happens again. Just because RC:RP isn't Microsoft doesn't mean they should be lenient with your or my data, it's a legal obligation to protect it.

You realize the only reason they got this far was because they're ex-management and ex-developers doing this right? They way they got passwords is through an old database that BigD or Booth presumably exported and then unhashed the passwords somehow.

To everyone complaining, this is exactly why you don't use the same password for everything, You've probably registered for sites far less secure than RC:RP.

 

[DogNo]

To everyone complaining, this is exactly why you don't use the same password for everything, You've probably registered for sites far less secure than RC:RP.

^ This! Not so long ago we had a few members of our community getting hacked because of them having the same passwords on other websites which had their database hacked. This only happened because of the previous position they had.

 

[LeGGGeNNdA]

Update:

Stuff continues to be worked on by Tommy and Frost before the server is gonna be able to be reopened. Admins have to get all new passwords for the ACP/IG accounts then after all that the server will probably be able to be re-opened.

No ETA yet from Frost or Tommy but I assume it shouldn't be to long.

Server is up m8 what are you talking about?

See, What a great update I gave.

That's why AP comes up late on situations when you update.

 

[KKKETTEN]

My UCP is gone, forum account and everything, I can't resets the password for shit. I guess all my progress is fucked. - Husky

 

[Rosalie]

My UCP is gone, forum account and everything, I can't resets the password for shit. I guess all my progress is fucked. - Husky

Are you saying your email has been breached? If not, try using "I forgot my password" and obtain your password through that method. From there, you can change it to a proper password.

 

[Alko]

The passwords were not stored in plain text, they were properly hashed. Admins and certain testers/helpers were the actual target. The leaked password database was around 4 months old and was hoarded and now leaked by ex-developer Booth.

(added this to the main post)



On another note - the server is back up.

4 months old? Thank god I changed my passwords like 2 months ago.

Thank god I don't even play for 4 months.

 

[KKKETTEN]

My UCP is gone, forum account and everything, I can't resets the password for shit. I guess all my progress is fucked. - Husky

Are you saying your email has been breached? If not, try using "I forgot my password" and obtain your password through that method. From there, you can change it to a proper password.

No, I created this forum account with the same mail I used on ImTheRealHusky and I tried ALL my emails to recover ImTheRealHusky forum account and it doesn't recognize any. Also when I try to reset my UCP account, I can succesfully reset the password but it still doesn't recognize it or the username.

 

[Smoking]

FFS