Official Everybody Edits Forums


#26 2019-03-23 22:50:47, last edited by Different55 (2019-03-23 23:30:14)

NorwegianboyEE
Member
From: Norway
Joined: 2015-03-16
Posts: 1,752

Re: Regarding the data breach

Does this have anything to do with it?

<snip - image contains link to leaked data>



#27 2019-03-23 22:58:47

Processor
Member
Joined: 2015-02-15
Posts: 2,022

Re: Regarding the data breach

Let me drop some new information I have gathered.

An attacker has gained access to EE databases earlier this week (on Tuesday). They exported databases and deleted some database objects.
As LukeM confirms, the attacker made another export yesterday (other sources verify this claim: the export was made on 03/22/2019 around 17:30 UTC).

I have proof that staff noticed this within 24 hours.
They had the knowledge of a "backdoor" or exploit existing in the backend servers of EE and did not disclose this in time.
This provides legal basis to prove that the staff acted negligently and in their own interest.

Staff keeps issues to themselves:
I quit EE. I was notified of the mail and reports breach by Zoey2070 (a staff) today.

Something is wrong if I get notified before everyone else is.
Something is wrong if the top-most priority isn't to tell everyone to change their passwords.
Something is wrong if the owner would rather block me instead of discussing this issue.

Staff keeps game running despite breach:
The game has been compromised since Tuesday, the game is still compromised. LukeM has confirmed to me that the issues are still being fixed (read: aren't yet fixed).

Instead of shutting down the game until the data breach is solved, the management has chosen to keep the game running.
This prevents lost revenue at the expense of our security.

Staff has not notified users or the DPAs of this breach.
Some members of the community already know this, but those who have stopped playing / checking the forums do not. Their info is at risk, that's a problem.
Xenonetix has confirmed the knowledge of the upcoming leaks, yet has made no effort to let the community know.



If you are reading this, please close all EE tabs and do not access EE until further notice.
The game is breached and we suspect that the breach is still ongoing.
The attackers have shown the ability to access the servers.
Flash is not a secure platform. Downloading content from untrusted servers can leak your password and potentially install viruses on your PC.


Everybodyedits.com is currently breached and no longer safe.
Please change your password on any other site where you're using the same password as on EE.



#28 2019-03-23 22:58:59

Joeyc
Guest

Re: Regarding the data breach

Yeah, I recommend you all change your passwords and emails as soon as possible

#29 2019-03-23 23:02:39, last edited by NorwegianboyEE (2019-03-23 23:03:16)

NorwegianboyEE
Member
From: Norway
Joined: 2015-03-16
Posts: 1,752

Re: Regarding the data breach

This is precisely why i have a completely separate password for my EE account aside from everything else i use. I knew the security was horrendous. If you don't have a separate password i highly suggest you to do the same.



#30 2019-03-23 23:04:00

Zumza
Member
From: root
Joined: 2015-02-17
Posts: 4,496

Re: Regarding the data breach

Almost everyone's email and location has been leaked.
There are also phone numbers, snapchat contacts, instagram and facebook profiles within the first leak.


Everybody edits, but some edit more than others


#31 2019-03-23 23:06:10

Growler
Formerly Snowester
Joined: 2017-05-31
Posts: 355

Re: Regarding the data breach

Zumza wrote:

There are also phone numbers, snapchat contacts, instagram and facebook profiles within the first leak.

I can't tell if you're being sarcastic. But I hope you mean from mails which is dumb because nobody would use them.



#32 2019-03-23 23:21:40

Processor
Member
Joined: 2015-02-15
Posts: 2,022

Re: Regarding the data breach

Growler wrote:
Zumza wrote:

There are also phone numbers, snapchat contacts, instagram and facebook profiles within the first leak.

I can't tell if you're being sarcastic. But I hope you mean from mails which is dumb because nobody would use them.

I have sources confirming the said information being true. They also found photos of users (some underage), unlisted videos on youtube, addresses, passwords, among other things.



#33 2019-03-23 23:28:03

Growler
Formerly Snowester
Joined: 2017-05-31
Posts: 355

Re: Regarding the data breach

Processor wrote:
Growler wrote:
Zumza wrote:

There are also phone numbers, snapchat contacts, instagram and facebook profiles within the first leak.

I can't tell if you're being sarcastic. But I hope you mean from mails which is dumb because nobody would use them.

I have sources confirming the said information being true. They also found photos of users (some underage), unlisted videos on youtube, addresses, passwords, among other things.

Oh cow dung, really? What are the examples? xd



#34 2019-03-23 23:37:17

ZeldaXD
EE Homeboy
Joined: 2015-02-15
Posts: 1,321
Website

Re: Regarding the data breach

If you're a facebook user, the leak contains your real name too (because of Facebook data)


#35 2019-03-23 23:49:51

Growler
Formerly Snowester
Joined: 2017-05-31
Posts: 355

Re: Regarding the data breach

ZeldaXD wrote:

If you're a facebook user, the leak contains your real name too (because of Facebook data)

Oh noes, that what show up in the first leak?



#36 2019-03-24 00:20:32, last edited by ZeldaXD (2019-03-24 00:21:23)

ZeldaXD
EE Homeboy
Joined: 2015-02-15
Posts: 1,321
Website

Re: Regarding the data breach

The total amount of emails and/or ips leaked is 1.166.081*
Over 500.000 are estimated to be real emails.

*includes people with fake emails


#37 2019-03-24 00:32:56

Guest.
Guest

Re: Regarding the data breach

ZeldaXD wrote:

The total amount of emails and/or ips leaked is 1.166.081*
Over 500.000 are estimated to be real emails.

*includes people with fake emails

assuming most of those accounts are real people, this is huge, and the biggest data breach ee has had in its history

#38 2019-03-24 00:34:00, last edited by LukeM (2019-03-24 00:35:30)

LukeM
Dev Team
From: England
Joined: 2016-06-03
Posts: 2,839
Website

Re: Regarding the data breach

Just going to try and correct some of the information Processor is spouting, because to the best of our knowledge most of it is false:

Processor wrote:

An attacker has gained access to EE databases earlier this week (on Tuesday). They exported databases and deleted some database objects.

Yes, an attacker gained access to the database earlier this week, but to the best of our knowledge, no exports were made at this point (if you think this is false then please send us your information rather than using it to directly attack us)


Processor wrote:

As LukeM confirms, the attacker made another export yesterday (other sources verify this claim: the export was made on 03/22/2019 around 17:30 UTC).

I have proof that staff noticed this within 24 hours.
They had the knowledge of a "backdoor" or exploit existing in the backend servers of EE and did not disclose this in time.
This provides legal basis to prove that the staff acted negligently and in their own interest.

Staff keeps issues to themselves:
I quit EE. I was notified of the mail and reports breach by Zoey2070 (a staff) today.

Something is wrong if I get notified before everyone else is.
Something is wrong if the top-most priority isn't to tell everyone to change their passwords.
Something is wrong if the owner would rather block me instead of discussing this issue.

We made users aware of this issue promptly, let those affected know what happened, and restored the data which was deleted. The reason you weren't notified about the earlier attacks was because you weren't affected by them, and the reason you haven't yet been notified about the later breaches was because we hadn't yet had time to gather the data.

The reason Xenonetix blocked you is that you are blindly attacking us rather than trying to actually solve the problem, which really doesn't help the situation.


Processor wrote:

Staff keeps game running despite breach:
The game has been compromised since Tuesday, the game is still compromised. LukeM has confirmed to me that the issues are still being fixed (read: aren't yet fixed).

Instead of shutting down the game until the data breach is solved, the management has chosen to keep the game running.
This prevents lost revenue at the expense of our security.

Staff has not notified users or the DPAs of this breach.
Some members of the community already know this, but those who have stopped playing / checking the forums do not. Their info is at risk, that's a problem.
Xenonetix has confirmed the knowledge of the upcoming leaks, yet has made no effort to let the community know.

To our knowledge (and you have yet to show otherwise), yesterday was the first time any information was exported from our databases. During this event the in-game mail and reports were exported from the database and uploaded to a few free file hosting sites, but unless you shared personal information with other players using these services, no sensitive information was leaked at this point.

The reason the game hasn't been shut down since is because that wouldn't do anything to help, not that we want to keep earning money from EE or anything, in fact in the last few days we've made a grand total of £5.76, you maybe had the chance to be a sell-out back when you were working on the game, but that's really not an option anymore :P

We will do everything as is advised by the relevant laws and regulations, but we need time to do it, you can't expect us to gather all the information about an attack that isn't even over yet and contact all of the people affected before you have the chance to write a badly thought out attack on the staff team...


Processor wrote:

If you are reading this, please close all EE tabs and do not access EE until further notice.
The game is breached and we suspect that the breach is still ongoing.
The attackers have shown the ability to access the servers.
Flash is not a secure platform. Downloading content from untrusted servers can leak your password and potentially install viruses on your PC.

Everybodyedits.com is currently breached and no longer safe.
Please change your password on any other site where you're using the same password as on EE.

You worked on EE yourself... You should know that this isn't how things work...
The database is entirely separate from PlayerIO's internal account system, nobody has access to things like passwords, not even us.

Please just leave the announcements to us, you're just stirring up drama and giving out misinformation at this point.


#39 2019-03-24 00:43:18

Guest.
Guest

Re: Regarding the data breach

“The reason Xenonetix blocked you is that you are blindly attacking us rather than trying to actually solve the problem, which really doesn't help the situation.”

lol nope. he blocks people whenever he’s told he’s **** up in some manner which he refuses to believe he’s done time and time again

#40 2019-03-24 01:00:44

Processor
Member
Joined: 2015-02-15
Posts: 2,022

Re: Regarding the data breach

LukeM wrote:

(if you think this is false then please send us your information rather than using it to directly attack us)

Sorry, that's not how this works. Before you spout ****, you come talk to me before attacking me, not the other way around.
I've worked on PlayerIO long enough to know how things work better than you do. I also know information security better than you do.

Passwords can be stolen with access to PlayerIO. Consult me in PMs if you'd like to know how.

I stand by what I said, as it is true and I have references and technical knowledge to prove it.



#41 2019-03-24 01:39:04

Processor
Member
Joined: 2015-02-15
Posts: 2,022

Re: Regarding the data breach

LukeM has declined to correct their statement.

So I will now post how a hacker can steal your password. This might get the hackers some ideas, but it's better than having you guys misguided.

Step 1: Hacker gets access to PlayerIO (Done)
Step 2: Hacker updates flash game (hosted by PlayerIO) to send your stored password to their servers
Step 3: Hacker injects some viruses that run on your PC

Therefore, going to everybodyedits.com will risk your plaintext stored password getting uploaded to other sites. It also risks other code being run on your machine.

Flash is not the safest platform.

Our chatlog: https://simons.life/finish/cry



#42 2019-03-24 01:42:09, last edited by LukeM (2019-03-24 01:59:52)

LukeM
Dev Team
From: England
Joined: 2016-06-03
Posts: 2,839
Website

Re: Regarding the data breach

We have significant evidence to believe that what Processor has suggested is not possible.

I was discussing this with him, and was in the process of trying to confirm this when he refused to allow me the time to do so and posted this anyway.

I'll update this post when I either confirm that they do not, or have evidence to suggest that they might be able to.


Edit: We've finished looking into this, and after looking into it deeper, the evidence he presented us isn't consistent with the theory he had suggested.


#43 2019-03-24 01:53:56, last edited by Processor (2019-03-24 02:06:28)

Processor
Member
Joined: 2015-02-15
Posts: 2,022

Re: Regarding the data breach

Here's the thing, even if you suspect with a 1% chance that it's possible, it's better to be safe than sorry.
That's why I asked LukeM to immediately correct his statement to say that he is currently investigating the issue and recommends not visiting the site. He said no to this request.


---

LukeM wants to work the other way around. Unless he is 99% sure that the game is unsafe, he is going to deny that the game is unsafe.

This perfectly visualizes the thinking:
qS9T5Kz.png

---

My knowledge and information tells me that it's very likely to be possible.
LukeM could not provide me with any evidence to suggest that it's not possible.

Edit:

Also LukeM agrees that your IP addresses are being actively leaked:

[1:27 AM] Yonom: youre very sure they have access to people's IP address?
[...]
[1:27 AM] Yonom: and you arent doing anything about that?
[1:27 AM] LukeM: what is there to do?
[1:27 AM] Yonom: that reveals the user's current location, among other things
[1:27 AM] LukeM: they already have them
[1:28 AM] LukeM: and within a country maybe :P
[1:28 AM] Yonom: IP addresses are considered personalized information by GDPR
[...]
[1:28 AM] LukeM: iirc they are only considered personal if they are bundled with other information that can be used to identify someone
[1:28 AM] LukeM: I did look into this
[...]
[1:28 AM] Yonom: they are bundled with username, email

There are users who are logging in for the first time today, and their updated IP address is going to be leaked. Staff does not care.



#44 2019-03-24 02:44:35, last edited by this is epic :P :P (2019-03-24 02:47:40)

this is epic :P :P
Banned
Joined: 2019-03-24
Posts: 1

Re: Regarding the data breach

wow bros
this is epic ! :P :cool: https://wiki.everybodyedits.com/images/c/c0/069_LOL
at this point we can just watch the game burn haha yes :cool: :cool:
game very alive :D


:P :P :P :P :P :P :P destroyer123


#45 2019-03-24 03:00:11

2B55B5G TNG
Member
From: Levitation Planet
Joined: 2016-08-27
Posts: 1,487

Re: Regarding the data breach

Can someone check if my IP address is getting leaked?


#46 2019-03-24 03:01:21

Onjit
Member
Joined: 2015-02-15
Posts: 7,974
Website

Re: Regarding the data breach

hey i know who did the breach but for reasons i cannot state i cannot disclose the identity of the hacker


A signature is a small piece of text that is attached to your posts. In it, you can enter just about anything you like. Perhaps you would like to enter your favourite quote or your star sign. It's up to you! In your signature you can use BBCode if it is allowed in this particular forum. You can see the features that are allowed/enabled listed below whenever you edit your signature.

Max length: 2,000 characters / Max lines: 20


#47 2019-03-24 03:01:38, last edited by Spongelito (2019-03-24 03:01:55)

Spongelito
Member
From: Tennessee, USA
Joined: 2018-01-03
Posts: 38

Re: Regarding the data breach

LukeM, if I may explain to you why you should temporarily shutdown the game:

1. It lowers risk and prevents players from logging in, making it safer

2. While shutting down the game doesn't exactly solve the problem, it's more of a precaution to keep things from getting worse.


Hits that yeet all day and all night

#48 2019-03-24 03:05:47, last edited by mrjawapa (2019-03-24 03:06:48)

mrjawapa
Member
From: Ohio, USA
Joined: 2015-02-15
Posts: 5,065
Website

Re: Regarding the data breach

Why has this topic turned into a **** measuring contest?

"I know more than you"
"No, I know more than YOU"
"NO, I know more!"



can we not fearmonger?



#49 2019-03-24 03:08:11

Different55
Forum Admin
Joined: 2015-02-07
Posts: 15,956

Re: Regarding the data breach

Funposting won't be allowed here, either.


"Sometimes failing a leap of faith is better than inching forward"
- ShinsukeIto


#50 2019-03-24 07:20:34, last edited by Anatoly (2019-03-24 08:14:17)

Anatoly
Member
From: Germany, Bavaria, Munich
Joined: 2015-07-31
Posts: 6,341

Re: Regarding the data breach

What about merged accounts?
E.g. if you moved FB -> EE.COM before the raid.

Should the police be informed about illegal take-away of data?
It’s possible that the raid is more serious to take, if it’s from a terrorist group. Do not risk anymore, from what I’ve read EE staff did already enough mistakes... don’t forget, he managed to find all leaks the game had!

Is there any possible way to detect the raider/hacker/mister man/mister x/however he’s called?
For understanding how serious the problem is.

I didn’t log into EE after the start of the raid. Do they have any information about my IP Address? Where is the IP stored?
because someone mentioned that only IP addresses logged after the raid started??

tl;dr: Raid Level: High enough


Best regards,
Anatoly.
