Forum Security |
GM Stormcrow
Moderator Group GM Joined: 23 Feb 2010 Location: Illyria Status: Offline Points: 3926 |
Posted: 13 Dec 2019 at 18:44 |
Hi everyone,

At 12:04 today, an unauthorised person gained access to some of the admin functions of the Illyriad Forums, and replaced the header and footer of the forum with a note about the forum being hacked.

Our forums are provided and hosted by a third party provider, and they assure us that there is no underlying issue or vulnerability in the forum software or hosted environment.

Our forum provider says that it appears that a compromised password from an old administrative account was used to access the memberlist and layout functions of the forum. It was this that enabled the intruder to replace the forum header with a message about the forum being hacked. Attempts by this person to upload scripts and other files were blocked by further layers of our forum provider's security.

Please note that:

a) This breach in no way affected the game servers or game data itself. The forum and the game are kept entirely separate (which is why you have different login credentials for each). Different servers, different hosting providers, different login credentials, different datacenters.

b) Our forum provider assures us that your passwords are all one-way encrypted, and that no-one (not even our forum provider) has access to your passwords.

c) Whilst there is no bulk data export function from the forum's admin interface, it is possible that - by screen scraping each member's individual admin page - the intruder has a copy of the email address you provided to us when you first opened your forum account.

d) To rectify the issue, our forum provider has:
i) taken the forum down,
ii) changed all the admin passwords,
iii) checked any and every file changed (such as the page headers and footers) & forum admin functions accessed,
iv) run the forum back to this morning's backup (so any posts since about 0100 this morning will have disappeared), and
v) brought the forum back to live.

We believe that everything on the forum is back and running as normal, but we are certainly keeping a close eye on everything. Our forum software provider is running further audits and security tests.

We've been in touch with the Information Commissioner's Office in the UK, and they have informed us that under the current circumstances this does not qualify as a personal data breach that requires formal reporting under the UK's Data Protection Act (2018).

Obviously - wherever the fault lies - we apologise unreservedly.

If you have any further questions, please feel free to ask them (as it's regarding security, probably best via an in-game petition), and we'll get back to you as soon as we possibly can.

Regards,
SC
jamesroy
New Poster Joined: 18 Jun 2020 Location: New York Status: Offline Points: 1 |
Thank you for your information.
Get to know about BICSI Technician. |