[READ] Recent server breach

[KKKETTEN]

Okay I managed to recover my UCP but forum account is totally gone.

 

[Jboi]

My UCP is gone, forum account and everything, I can't resets the password for shit. I guess all my progress is fucked. - Husky

Are you saying your email has been breached? If not, try using "I forgot my password" and obtain your password through that method. From there, you can change it to a proper password.

No, I created this forum account with the same mail I used on ImTheRealHusky and I tried ALL my emails to recover ImTheRealHusky forum account and it doesn't recognize any. Also when I try to reset my UCP account, I can succesfully reset the password but it still doesn't recognize it or the username.

Give me a moment, I'll PM you if I can verify it's you.

 

[KKKETTEN]

My UCP is gone, forum account and everything, I can't resets the password for shit. I guess all my progress is fucked. - Husky

Are you saying your email has been breached? If not, try using "I forgot my password" and obtain your password through that method. From there, you can change it to a proper password.

No, I created this forum account with the same mail I used on ImTheRealHusky and I tried ALL my emails to recover ImTheRealHusky forum account and it doesn't recognize any. Also when I try to reset my UCP account, I can succesfully reset the password but it still doesn't recognize it or the username.

Give me a moment, I'll PM you if I can verify it's you.

Alright, thanks a lot.

 

[ImTheRealHusky]

Recovered it, kek. Thx Jboi

 

[Charlie_]

Recovered it, kek. Thx Jboi

Welcome back

 

[Kemp]

Daniel Evans, really? I mean, I've not spoken to the guy properly in a while but I don't think he's joined Lizard Squad in the last month. I hope there's evidence as if you're throwing his name around without it, as well as Booth and BigD, then it's unacceptable.

 

[Davis]

You should only blame people with weak passwords.

Data Protection Laws require the data holders, ie the people maintaining the database and so on responsible for making data as secure as possible. If the passwords were as secure as possible on the database side then sure, blame everybody else. But that wasn't the case, they were (apparently) using a simple hashing algorithm that can be cracked in milliseconds using online tools.

That, does not make sense at all.
This is a server on SA-MP; not a company that holds millions of information.

Fr0st does everything possible to secure this information to the best of their abilities, and i'd shoot myself in the head if he didn't.

"This is a server on SA-MP; not a company that holds millions of information." - They're holding sensitive data. That doesn't make them exempt from securing it. People use their RC:RP passwords probably for most of their other accounts, the burden doesn't lie on the user - it lies on the person holding the data. It's common sense to anybody making any form of program/service that will be holding user data to make it secure as possible. It would've taken one small step to secure the passwords, using a random salting algorithm; that isn't rocket science.

Don't get me wrong, I don't see the point in arguing about it. But I think the point needs to be made so this mistake never happens again. Just because RC:RP isn't Microsoft doesn't mean they should be lenient with your or my data, it's a legal obligation to protect it.

You realize the only reason they got this far was because they're ex-management and ex-developers doing this right? They way they got passwords is through an old database that BigD or Booth presumably exported and then unhashed the passwords somehow.

I had full access to the server, database & forum at the time that I resigned and I didn't leak, delete or fuck with anything using it so why would I start now? I left on "okay" terms and I certainly didn't export or unhash any passwords, so please keep my name out of this.

 

[cradboard]

I had full access to the server, database & forum at the time that I resigned and I didn't leak, delete or fuck with anything using it so why would I start now? I left on "okay" terms and I certainly didn't export or unhash any passwords, so please keep my name out of this.

I actually believe you. This just doesn't seem like something you'd do BigD.

 

[Kemp]

I had full access to the server, database & forum at the time that I resigned and I didn't leak, delete or fuck with anything using it so why would I start now? I left on "okay" terms and I certainly didn't export or unhash any passwords, so please keep my name out of this.

I actually believe you. This just doesn't seem like something you'd do BigD.

I'm struggling to process why a Lead Administrator, whom people will actually believe due to the position he upholds, is trying to discredit BigD's reputation by tying him to something without credible evidence or even an attestation. It's absolutely unacceptable.

 

[Jboi]

I had full access to the server, database & forum at the time that I resigned and I didn't leak, delete or fuck with anything using it so why would I start now? I left on "okay" terms and I certainly didn't export or unhash any passwords, so please keep my name out of this.

I actually believe you. This just doesn't seem like something you'd do BigD.

I'm only pointing at the 2 potential people, from what I've now learned it was all entirely Booth so BigD is innocent.

EDIT: Lol @Kemp, I'm literally just stating the two people whom it might've been. Not saying either did it, just that's what presumably happened and either or could be guilty, we now know it was Booth with 100% certainty.