
Forum Security

Author: GM Stormcrow (Moderator Group)
Joined: 23 Feb 2010
Location: Illyria
Posted: 13 Dec 2019 at 18:44
Hi everyone,

At 12:04 today, an unauthorised person gained access to some of the admin functions of the Illyriad Forums, and replaced the header and footer of the forum with a note about the forum being hacked.

Our forums are provided and hosted by a third party provider, and they assure us that there is no underlying issue or vulnerability in the forum software or hosted environment.

Our forum provider says that it appears that a compromised password from an old administrative account was used to access the memberlist and layout functions of the forum. It was this that enabled the intruder to replace the forum header with a message about the forum being hacked. Attempts by this person to upload scripts and other files were blocked by further layers of our forum provider's security.

Please note that:

a) This breach in no way affected the game servers or game data itself.  The forum and the game are kept entirely separate (which is why you have different login credentials for each).  Different servers, different hosting providers, different login credentials, different datacenters.  

b) Our forum provider assures us that your passwords are all one-way encrypted, and that no-one (not even our forum provider) has access to your passwords. 

c) Whilst there is no bulk data export function from the forum's admin interface, it is possible that - by screen scraping each member's individual admin page - the intruder has a copy of the email address you provided to us when you first opened your forum account.

d) To rectify the issue, our forum provider has:
i) taken the forum down,
ii) changed all the admin passwords,
iii) checked any and every file changed (such as the page headers and footers) & forum admin functions accessed,
iv) run the forum back to this morning's backup (so any posts since about 0100 this morning will have disappeared), and
v) brought the forum back to live

We believe that everything on the forum is back and running as normal, but we are certainly keeping a close eye on everything.  Our forum software provider is running further audits and security tests.

We've been in touch with the Information Commissioner's Office in the UK, and they have informed us that under the current circumstances this does not qualify as a personal data breach that requires formal reporting under the UK's Data Protection Act (2018).

Obviously - wherever the fault lies - we apologise unreservedly.

If you have any further questions, please feel free to ask them (as it's regarding security, probably best via an in-game petition), and we'll get back to you as soon as we possibly can.

Regards,

SC

Author: jamesroy (New Poster)
Joined: 18 Jun 2020
Location: New York
Posted: 18 Jun 2020 at 12:53
Thank you for your information.

Get to know about BICSI Technician.
Forum Software by Web Wiz Forums® version 12.03
Copyright ©2001-2019 Web Wiz Ltd.