We've been hacked
Posted by Matty, 04 Dec 2016, 04:03 pm.
We've been hacked. Someone managed to get a database and/or admin acocunt password.
This means that you may want to change your password. They are hashed and salted with bcrypt, so it's not easy to get the plaintext password from it. But they can use it to login on your account here.
If you use the password from this site on other sites, be sure to change it there as well (and don't use duplicate passwords anymore ).
This means that you may want to change your password. They are hashed and salted with bcrypt, so it's not easy to get the plaintext password from it. But they can use it to login on your account here.
If you use the password from this site on other sites, be sure to change it there as well (and don't use duplicate passwords anymore ).
Comments
-
Comment posted by Cireon, 04 Dec 2016, 04:27 pm.We are currently in the process of restoring a backup of the General Discussions forum as well.
EDIT: there are some difficulties in restoring the backup and the General Discussions forum will be unavailable for the time being. -
Comment posted by Madagascarter, 04 Dec 2016, 09:03 pm.Is this why one of my games on Ancient Realm mysteriously disappeared. It isn't in the finished games either.
-
Comment posted by Hoodlum, 04 Dec 2016, 09:23 pm.no. game 691383 was a separate issue causing a bug during the time the hacking was taking place.. The timer was stuck, and I was receiving notifications, where it was just better to force an end to the game, while programmers were offline, and that other things could be dealt with.
-
Comment posted by momagajic, 05 Dec 2016, 01:22 am.And whats missing
-
Comment posted by Matty, 05 Dec 2016, 05:16 pm.The general discussions thread.
We have a backup from 2 weeks ago, but there's an issue with read/write access, so it's hard to restore just that thread, without deleting everything else. -
Comment posted by momagajic, 06 Dec 2016, 04:03 pm.Thats wierd ,so what next?general thread is important
-
Comment posted by Cireon, 06 Dec 2016, 07:49 pm.We are working with the hosting provider on restoring it as soon as possible.
-
Comment posted by Cireon, 09 Dec 2016, 10:05 pm.Good news: the General Discussions forum is mostly back. The backup is a few weeks old so some of the newest posts are missing. There is sadly nothing we can do to get those back. Also, it has not saved whether the threads were unread/read, so you will have to mark the entire forum as read again.
Sorry for the inconvenience. Happy risking! -
Comment posted by Fendi, 09 Dec 2016, 10:09 pm.Everyone please thank Cireon for his work, this would not have been possible without him. And Matty for taking care of the database and the admins for handling this it so well.
-
Comment posted by Cireon, 09 Dec 2016, 10:13 pm.Me last week:
-
Comment posted by Hoodlum, 09 Dec 2016, 10:50 pm.Thanks team, appreciate your efforts
-
Comment posted by momagajic, 10 Dec 2016, 12:33 am.Nice to hear good news,thanks Cireon and other staff.
-
Comment posted by elysium5, 10 Dec 2016, 04:38 am.Thanks, you guys!
-
Comment posted by Madagascarter, 10 Dec 2016, 11:49 am.It's back! Thanks guys.
-
Comment posted by aeronautic, 12 Dec 2016, 12:16 am.Nice one Cireon... damn hackers!
-
Comment posted by Madagascarter, 22 Sep 2017, 08:20 am.Seriously people change your passwords on anything you have used that email for. I just realised that my spam email account, (account for anything not important) has been hacked and used to send inappropriate pictures. Luckily I had no money or anything on my email so no real harm done. The only link I could link it to though was the password database hack here so yeah, don't think it won't happen to you.
-
Comment posted by Matty, 22 Sep 2017, 04:24 pm.We may have leaked what your email was, but not what the password for your email was, so this hack could not give a hacker access to your email address (unless you told your password in a message, chat of forum on d12 or something - NEVER enter your passwords anywhere).
Even if you used your password of that email address on this site (note: reusing passwords is bad practice, don't do that), this site's hack will probably not be the leak of it, as we don't store your password for d12 - only a salted hash (with bcrypt, that's a good hash for passwords). It's extremely hard to get your original password from there.
Many services on the internet get hacked these days, skype, linkedin, windows live mail/hotmail (all the time), equifax. And not all of them tell you about it (or if they do, sometimes years after the incident).
The best defence against this is to use strong passwords and not reuse them on other sites (in order to remember these passwords, use a password manager). -
Comment posted by dough_boy, 22 Sep 2017, 04:32 pm.Could also be that you were using a password that has been "cracked" and that matches up against a hash table.
-
Comment posted by Madagascarter, 22 Sep 2017, 07:00 pm.Right, It was the only link I could think of so I guess I was just unlucky that this random hacker choose my spam account. I rarely go on it, I only went on it to get my early access link for the Fifa app and that is the only reason why I noticed it. I guess I've used this email and my password for a lot of sites which I might have only went on once just to try and find material and I've never told anyone my password except for direct family members and it's definitely not them so. I think I've got them out now. Is there an easy way to change my email on this site to a new one?
-
Comment posted by Matty, 22 Sep 2017, 09:23 pm.Go to the settings, right here: https://dominating12.com/account/accountinfo
-
Comment posted by dough_boy, 22 Sep 2017, 10:22 pm.Usually the data is sold or given away on the black market so it is highly likely your account was not used by the hacker and instead someone else.Madagascarter...I was just unlucky that this random hacker choose my spam account...
-
Comment posted by johnnybto, 06 Jan 2018, 10:34 pm.thanks team for the awesome job you do ALL the time in dealing with issues and whatnot, it is greatly appreciated.