Jump to content


Photo

GMC forums cyber attack.


  • Please log in to reply
235 replies to this topic

#1 Mike.Dailly

Mike.Dailly

    Evil YoYo Games Employee

  • Administrators
  • 5277 posts
  • Version:GM:Studio

Posted 02 December 2015 - 08:58 AM

Dear GMC community,

 

We are very sorry to announce that last night we discovered what appears to be a cyber attack in in the GMC forum software. The attack has been instantly removed and we are still investigating the scope of the breach. We urge you to change your forum password as soon as possible, as usernames and passwords of the forum may have been compromised.

 

The breach appears to be fully contained within the forums directory structure. We therefore believe that no sensitive personal information has been compromised.

 

Please remember that in order to mitigate the damage of possible cyber attacks, we advise you not to use the same password on forums as you do anywhere else.
Again, we are very sorry for the inconveniences.

YoYo Games Ltd.


  • 30

#2 dape

dape

    GMC Member

  • New Member
  • 13 posts
  • Version:GM:HTML5

Posted 02 December 2015 - 09:01 AM

Thanks for the notice, are you up-to-date with IP.Board 3.4.8 ? I am asking because i run IPS4 (upgraded from IP.Board) on a local gaming community and i am wondering if there is a problem with the latest version software from Invision..


  • 1

#3 Lukan Spellweaver

Lukan Spellweaver

    Gay Wizard Freak & mcmonkey's plaything

  • GMC Member
  • 3704 posts
  • Version:GM:Studio

Posted 02 December 2015 - 09:03 AM

Thanks for the heads up... I change my password here more than I change my bank password...


  • 2

DeEuDARh.pngi1SR21Q.png

Find me on Itch.io | GameJolt | YouTube | Twitter | Facebook | Website | Ask.FM

 GMC Google Hangout | I liek monkehs

The GMC, here lies she. Kicked to the curb, with nary a word. She shall live on, though. Remain strong, bros.

Also: MIKE DAILLY TOLD ME TO UPDATE MY SIGNATURE


#4 GameDevDan

GameDevDan

    RIP current GMC

  • Global Moderators
  • 1453 posts
  • Version:GM:Studio

Posted 02 December 2015 - 09:11 AM

If only True Valhalla were still here to have a cup of tea and a chat with the hackers \o/


  • 24

See you all on the other side.

Back & share :)


#5 Lukan Spellweaver

Lukan Spellweaver

    Gay Wizard Freak & mcmonkey's plaything

  • GMC Member
  • 3704 posts
  • Version:GM:Studio

Posted 02 December 2015 - 09:25 AM

Danta Claus
  • 1

DeEuDARh.pngi1SR21Q.png

Find me on Itch.io | GameJolt | YouTube | Twitter | Facebook | Website | Ask.FM

 GMC Google Hangout | I liek monkehs

The GMC, here lies she. Kicked to the curb, with nary a word. She shall live on, though. Remain strong, bros.

Also: MIKE DAILLY TOLD ME TO UPDATE MY SIGNATURE


#6 Lonewolff

Lonewolff

    Permanent Resident

  • GMC Member
  • 3517 posts
  • Version:GM:Studio

Posted 02 December 2015 - 09:36 AM

Thanks for the heads up Mike, password changed.
  • 0

#7 HopelessComposer

HopelessComposer

    GMC Member

  • GMC Member
  • 1337 posts
  • Version:GM:Studio

Posted 02 December 2015 - 09:40 AM

Nice!

Thanks for the heads up though, Mike. =)

You can't put this somewhere a little more visible, though?


  • 0

#8 Alice

Alice

    Toolmaker of Bucuresti

  • GMC Member
  • 1392 posts
  • Version:GM:Studio

Posted 02 December 2015 - 09:45 AM

Yeah, I guess things like that should be mass-PMd, or something similar. It's simply too important to appear somewhere in the topic which people might or might not check, and that will become inactive within a week or month or so...
  • 0


LShy6C6.png


#9 Floofpaws

Floofpaws

    Fox

  • GMC Member
  • 2161 posts
  • Version:Unknown

Posted 02 December 2015 - 10:45 AM

(At some dimly lit hacker HQ)
Boss: "We need a new target to test our new IP.Board exploit. Got any... suggestions?" [malicious grin]
Agent: "Well, a little while ago we came across this strange game development forum. And certain status updates from this guy on there make us cry because he keeps making fun of us. We tried to stop it in the past but lost an agent along the way."
Boss: "I see... We must make sure they pay for... Crossing us." [evil laughter]


Edited by Floofpaws, 02 December 2015 - 10:48 AM.

  • 11

#10 Surgeon_

Surgeon_

    Loves Symbian

  • GMC Member
  • 157 posts
  • Version:GM:Studio

Posted 02 December 2015 - 11:16 AM

Imagine how funny it would be if some hackers wanted to attack a forum but realized they couldn't / didn't know how to because the server was running Symbian xD And yes, I know that Symbian has nothing to do with servers, but still...


Edited by Surgeon_, 02 December 2015 - 11:17 AM.

  • 1

Mercury Engine - 2D, grid-based Worlds - with built-in collision checking, tile animation and dynamic lighting.

 

NSP 2 - A (better) GML String Parser  - if you ever missed execute_string(...)

 

Possibly a link to my new Profile page - and possibly not


#11 Overloaded

Overloaded

    Oneirophobia

  • GMC Member
  • 995 posts
  • Version:GM:Studio

Posted 02 December 2015 - 11:28 AM

I don't understand why hackers would attack a game development forum. What a bunch of kids.


  • 1

gmc_signature.png

Upcoming 2D Turn-Based RPG. You can visit our website, like us on Facebook and follow us on Twitter.

Check out my GM Marketplace Assets!

Follow me on Twitter: @OVLDD

 


#12 Repix

Repix

    Goodbye!

  • GMC:Member
  • 816 posts
  • Version:GM:Studio

Posted 02 December 2015 - 11:33 AM

I don't understand why hackers would attack a game development forum. What a bunch of kids.

 

It must be guys trying to sabotage MY games, they know they're too dang perfect to have around!


Take the pistol, aim the front towards yourself, pull the trigger, why? because it's not a prank gun no longer.


#13 Ehsan

Ehsan

    Pirates & Clones

  • GMC Member
  • 407 posts
  • Version:GM:Studio

Posted 02 December 2015 - 12:27 PM

I didn't lose much information, I hadn't had any on GMC except my email address. I'll be expecting an email from Nigeria soon!


  • 3

5k3IA5f.png

Candy Factory (WIP)!

Candy Factory is a fast paced match-3 like game!


#14 Slammin Sam

Slammin Sam

    I craft juicy things

  • GMC Member
  • 854 posts
  • Version:GM:Studio

Posted 02 December 2015 - 12:42 PM

Oh dear, again? If you've been good this year, perhaps Santa will bring you some new forum software.

Also, what if you use Twitter to log in?
  • 4

Nothing to see here...move along


#15 Nexusrex

Nexusrex

    WRYYYY!

  • GMC Member
  • 637 posts
  • Version:GM:Studio

Posted 02 December 2015 - 12:52 PM

Wow, dat's pretty weird..


  • 0

#16 Bleed

Bleed

    Chevalier

  • GMC Member
  • 763 posts
  • Version:GM:Studio

Posted 02 December 2015 - 12:59 PM

What can be considered "sensitive personal information" in a gamedev forum? I'm looking to remove said information...


  • 0

rlztjp_zpsoqffaixe.jpg


#17 BeveledEdgeCo

BeveledEdgeCo

    GMC Member

  • GMC Member
  • 175 posts
  • Version:GM:Studio

Posted 02 December 2015 - 01:07 PM

yeah I'm curious how this affects twitter?


  • 0

#18 Yeti2

Yeti2

    GMC Member

  • GMC Member
  • 27 posts
  • Version:GM:Studio

Posted 02 December 2015 - 01:11 PM

Thanks for the heads up, I'm glad I use a totally unique password for this place.

 

It still amazes me why people attack this place though, nothing better to do?


  • 0

CBGsig_zpsed54d121.png


#19 Mike.Dailly

Mike.Dailly

    Evil YoYo Games Employee

  • Administrators
  • 5277 posts
  • Version:GM:Studio

Posted 02 December 2015 - 01:17 PM

RE: Twitter.  I don't really know.  Your twitter password isn't stored here, but there is a "token" it uses to authenticate. How it does this, I've no idea. But the password you use for twitter isn't here. If you want to be safe, you should break the link, then re-link it. That would invalidate any current tokens the forum has.


  • 2

#20 Lindion45

Lindion45

    Scared of the Ducks

  • GMC Member
  • 1554 posts
  • Version:Unknown

Posted 02 December 2015 - 01:18 PM

How did you find out about the attack? What did the attack consist of?


  • 0

UzQSAz6.pngXhTycnt.png


#21 RekNepZ

RekNepZ

    GMC Historian

  • GMC Member
  • 718 posts
  • Version:GM:Studio

Posted 02 December 2015 - 01:30 PM

Strange how TV just happened to return when the site got hacked...


  • 3

AczgxAZ.png

^kept in my sig for historical purposes^


#22 ShadeSpeed

ShadeSpeed

    Procedural Generation King

  • GMC Member
  • 771 posts
  • Version:GM:Studio

Posted 02 December 2015 - 01:30 PM

What can be considered "sensitive personal information" in a gamedev forum? I'm looking to remove said information...

 

When I found a security flaw a few months ago, I managed to inject JavaScript into the page that people were viewing, then log them out, close the current tab, open a new tab on the login screen (with code injected into that window), which could have silently captured key presses, or retrieved the users username, email address and password, and could have easily stored it on an external site's database, as well as the user's global IP address, location, etc, etc. You'd be surprised at how many people use the same username / email address & password combinations for most of their services. 

 

Luckily, I found the flaw and reported it before someone else found it and exploited it for malicious purposes. 


  • 2

Marketplace Resources

 

code.png page.png video.png


#23 Bleed

Bleed

    Chevalier

  • GMC Member
  • 763 posts
  • Version:GM:Studio

Posted 02 December 2015 - 01:51 PM

 

What can be considered "sensitive personal information" in a gamedev forum? I'm looking to remove said information...

 

When I found a security flaw a few months ago, I managed to inject JavaScript into the page that people were viewing, then log them out, close the current tab, open a new tab on the login screen (with code injected into that window), which could have silently captured key presses, or retrieved the users username, email address and password, and could have easily stored it on an external site's database, as well as the user's global IP address, location, etc, etc. You'd be surprised at how many people use the same username / email address & password combinations for most of their services. 

 

Luckily, I found the flaw and reported it before someone else found it and exploited it for malicious purposes. 

 

 

But what you said is related to Java and it's scripts, wasn't really the answer i was looking for.


  • 0

rlztjp_zpsoqffaixe.jpg


#24 ShadeSpeed

ShadeSpeed

    Procedural Generation King

  • GMC Member
  • 771 posts
  • Version:GM:Studio

Posted 02 December 2015 - 02:11 PM

 

 

What can be considered "sensitive personal information" in a gamedev forum? I'm looking to remove said information...

 

When I found a security flaw a few months ago, I managed to inject JavaScript into the page that people were viewing, then log them out, close the current tab, open a new tab on the login screen (with code injected into that window), which could have silently captured key presses, or retrieved the users username, email address and password, and could have easily stored it on an external site's database, as well as the user's global IP address, location, etc, etc. You'd be surprised at how many people use the same username / email address & password combinations for most of their services. 

 

Luckily, I found the flaw and reported it before someone else found it and exploited it for malicious purposes. 

 

 

But what you said is related to Java and it's scripts, wasn't really the answer i was looking for.

 

 

What does this mean? 

 

I wrote this to try to explain that hackers could easily steal email address / password combinations, as well as twitter account details, IP addresses, etc, if they successfully injected code into the frontend / backend.


  • 0

Marketplace Resources

 

code.png page.png video.png


#25 AtlaStar

AtlaStar

    GMC Member

  • New Member
  • 4 posts
  • Version:GM:Studio

Posted 02 December 2015 - 02:13 PM

Anyone using Twitter to log in should be fine, since it uses OAuth to create, as Mike mentioned, a Token that acts as a login. Not only that but the token generated and used to sign you in using twitter is generated off of the 'app' developer token that is required to be created to use the functionality. So basically your token's are created by hashing the hashed developer token, and are only able to interact within the scope of the program that your tokens were created from.

 

Made a sniperbot program for twitter giveaways for some locals who wanted to get limited edition Nike products, hence I know allllll about OAuth


  • 0

#26 Mercerenies

Mercerenies

    Koopa King

  • GMC Member
  • 1945 posts
  • Version:GM:Studio

Posted 02 December 2015 - 02:15 PM

The IPBoard light theme doesn't appear to be showing the red warning text at the top of the screen. I wouldn't have known about this if not for the aamatniekss's status.
  • 0
iPqfGiP.png

#27 GameGeisha

GameGeisha

    GameGeisha

  • GMC Member
  • 6565 posts
  • Version:GM:Studio

Posted 02 December 2015 - 02:22 PM

 

 

What can be considered "sensitive personal information" in a gamedev forum? I'm looking to remove said information...

 

When I found a security flaw a few months ago, I managed to inject JavaScript into the page that people were viewing, then log them out, close the current tab, open a new tab on the login screen (with code injected into that window), which could have silently captured key presses, or retrieved the users username, email address and password, and could have easily stored it on an external site's database, as well as the user's global IP address, location, etc, etc. You'd be surprised at how many people use the same username / email address & password combinations for most of their services. 

 

Luckily, I found the flaw and reported it before someone else found it and exploited it for malicious purposes. 

 

 

But what you said is related to Java and it's scripts, wasn't really the answer i was looking for.

 

 

JavaScript has nothing to do with Java, anyone with more than half a pinky finger in programming should know that.

 

As for what "sensitive personal information" can mean: passwords, email addresses, IP addresses, PMs, OAuth tokens, etc.

 

GameGeisha


  • 0
Latest Releases:
  • GMLinear --- Matrix and vector math in one line!
  • GMAssert --- Debug invalid values and write quick unit tests with ease!
  • KameGMS --- Bring up TortoiseSVN and TortoiseGit dialogs from within the GMS IDE!
  • JSOnion v1.1 --- The stink-free way to handle JSON! (even deeply nested ones)

#28 Mike.Dailly

Mike.Dailly

    Evil YoYo Games Employee

  • Administrators
  • 5277 posts
  • Version:GM:Studio

Posted 02 December 2015 - 02:30 PM

The IPBoard light theme doesn't appear to be showing the red warning text at the top of the screen. I wouldn't have known about this if not for the aamatniekss's status.

Ahh..yes. Thanks, I'll take a look at that.

 

EDIT:  Now added to standard and mobile skins - many thanks for pointing that out.


  • 1

#29 Bleed

Bleed

    Chevalier

  • GMC Member
  • 763 posts
  • Version:GM:Studio

Posted 02 December 2015 - 02:35 PM

[MOD: Cut]

 


But what you said is related to Java and it's scripts, wasn't really the answer i was looking for.

 

JavaScript has nothing to do with Java, anyone with more than half a pinky finger in programming should know that.

 

As for what "sensitive personal information" can mean: passwords, email addresses, IP addresses, PMs, OAuth tokens, etc.

 

GameGeisha

 

 

So in short, anyone who is doing this is either trying to prove a point or...practicing for bigger bait?

 

Anyway, thanks for the warning Admin, password changed, until the next hack.


Edited by Mike.Dailly, 02 December 2015 - 02:45 PM.

  • 0

rlztjp_zpsoqffaixe.jpg


#30 blackhawkrobbo

blackhawkrobbo

    GMC Member

  • GMC Member
  • 1121 posts
  • Version:GM:Studio

Posted 02 December 2015 - 03:21 PM

Ehm, password & username comprimised? I hope they only got hashes, not real passwords?
  • 4

#31 RujiK

RujiK

    GMC Member

  • GMC Member
  • 841 posts
  • Version:GM:Studio

Posted 02 December 2015 - 03:37 PM

I have to get a new password?!

 

password2 it is.


  • 9

#32 BenRK

BenRK

    Now in high-definition!

  • GMC Member
  • 855 posts
  • Version:GM:Studio

Posted 02 December 2015 - 03:41 PM

I suppose now is as good a time as any to update my info. I was wondering why I never got an email when someone PMed me. Turns out my account was associated with an email that I deactivated YEARS ago. And a new password couldn't hurt either.


  • 0

#33 Leafen

Leafen

    Love storm! <3

  • GMC Member
  • 662 posts
  • Version:GM:Studio

Posted 02 December 2015 - 04:17 PM

What a mess! This is an odd place to hack passwords.
  • 0

#34 grandhighgamer

grandhighgamer

    Village Idiot

  • GMC Member
  • 3876 posts
  • Version:GM:Studio

Posted 02 December 2015 - 04:29 PM

I have to get a new password?!

 

password2 it is.

New password: passw0rd. With the letter O replaced with the number 0. Genius! Unbreakable!


  • 1

GHG WUZ ERE


#35 chance

chance

    GMC Member

  • Global Moderators
  • 8762 posts
  • Version:GM:Studio

Posted 02 December 2015 - 04:44 PM

This is an odd place to hack passwords.

 

Any place is a good place.  The reason is because so many people use the same password on multiple sites. 

 

So there's a fair chance a forum password may also allow access to the member's email account, for example.  And once inside your email, hackers can use it to reset passwords on other sites you visited (as seen from your emails).   Especially useful with retail sites, where they can access credit card details on file in your account.

 

This may be less likely with web-savvy GMC members.  But even if only few percent make this mistake, it's worthwhile to hackers.


  • 1

#36 Lindion45

Lindion45

    Scared of the Ducks

  • GMC Member
  • 1554 posts
  • Version:Unknown

Posted 02 December 2015 - 04:45 PM

Ehm, password & username comprimised? I hope they only got hashes, not real passwords?

I should really hope so.


  • 1

UzQSAz6.pngXhTycnt.png


#37 faissialoo

faissialoo

    I get high on orange

  • GMC Member
  • 1372 posts
  • Version:GM:Studio

Posted 02 December 2015 - 04:48 PM

Cool, how did they get in? Thanks for telling us btw, I've changed my password

Ehm, password & username comprimised? I hope they only got hashes, not real passwords?

I should really hope so.

Not too long ago the LinusTechTips forum (they use IPBoard too) was hacked so I'm guessing they might have gotten passwords the same way, that is: sending data from the input fields to the attacker rather than cracking the hashed+salted passwords.

Edited by faissialoo, 02 December 2015 - 04:51 PM.

  • 0

cooltext680386545.png
The YYGF subreddit: /r/YYGF


#38 GameGeisha

GameGeisha

    GameGeisha

  • GMC Member
  • 6565 posts
  • Version:GM:Studio

Posted 02 December 2015 - 05:15 PM

Cool, how did they get in? Thanks for telling us btw, I've changed my password

 

Ehm, password & username comprimised? I hope they only got hashes, not real passwords?

I should really hope so.

 

Not too long ago the LinusTechTips forum (they use IPBoard too) was hacked so I'm guessing they might have gotten passwords the same way, that is: sending data from the input fields to the attacker rather than cracking the hashed+salted passwords.

 

 

The attackers got in the same way they did on LinusTechTips and the last time GMC was targeted (i.e. the one TrueValhalla got into a PR scrape with), via a compromised administrator password.

 

More often than not, the reason that the administrator password got compromised is its reuse on another site hacked earlier on. That was the case last time, but what about this time?

 

GameGeisha


  • 0
Latest Releases:
  • GMLinear --- Matrix and vector math in one line!
  • GMAssert --- Debug invalid values and write quick unit tests with ease!
  • KameGMS --- Bring up TortoiseSVN and TortoiseGit dialogs from within the GMS IDE!
  • JSOnion v1.1 --- The stink-free way to handle JSON! (even deeply nested ones)

#39 amateurhour

amateurhour

    GMC Member

  • GMC Member
  • 101 posts
  • Version:GM:Studio

Posted 02 December 2015 - 05:22 PM

Just to be clear, this didn't affect the marketplace/yoyo acct did it? Just the forums?


  • 0

#40 GameGeisha

GameGeisha

    GameGeisha

  • GMC Member
  • 6565 posts
  • Version:GM:Studio

Posted 02 December 2015 - 06:19 PM

Just to be clear, this didn't affect the marketplace/yoyo acct did it? Just the forums?

 

That can't be ruled out just yet.

 

The attack has been instantly removed and we are still investigating the scope of the breach. We urge you to change your forum password as soon as possible, as usernames and passwords of the forum may have been compromised.

 

GameGeisha


  • 0
Latest Releases:
  • GMLinear --- Matrix and vector math in one line!
  • GMAssert --- Debug invalid values and write quick unit tests with ease!
  • KameGMS --- Bring up TortoiseSVN and TortoiseGit dialogs from within the GMS IDE!
  • JSOnion v1.1 --- The stink-free way to handle JSON! (even deeply nested ones)

#41 amateurhour

amateurhour

    GMC Member

  • GMC Member
  • 101 posts
  • Version:GM:Studio

Posted 02 December 2015 - 06:35 PM

 

Just to be clear, this didn't affect the marketplace/yoyo acct did it? Just the forums?

 

That can't be ruled out just yet.

 

The attack has been instantly removed and we are still investigating the scope of the breach. We urge you to change your forum password as soon as possible, as usernames and passwords of the forum may have been compromised.

 

GameGeisha

 

 

That's kind of what I figured, you should probably amend the OP to reflect that, even if they're not tied together, a lot of users probably share e-mail addresses and passwords between the two, and that ties to CC info as well as personally identifiable information.


  • 0

#42 sahara300

sahara300

    GMC Member

  • GMC Member
  • 45 posts
  • Version:Unknown

Posted 02 December 2015 - 08:01 PM

Im running puppy linux.What to do?Is it safe to connect at other disc?


  • 0

#43 Lukan Spellweaver

Lukan Spellweaver

    Gay Wizard Freak & mcmonkey's plaything

  • GMC Member
  • 3704 posts
  • Version:GM:Studio

Posted 02 December 2015 - 08:02 PM

I bet it was EA finally looking for good game ideas.


  • 5

DeEuDARh.pngi1SR21Q.png

Find me on Itch.io | GameJolt | YouTube | Twitter | Facebook | Website | Ask.FM

 GMC Google Hangout | I liek monkehs

The GMC, here lies she. Kicked to the curb, with nary a word. She shall live on, though. Remain strong, bros.

Also: MIKE DAILLY TOLD ME TO UPDATE MY SIGNATURE


#44 Greenhawk

Greenhawk

    Gue Games

  • GMC Member
  • 722 posts
  • Version:GM:Studio

Posted 02 December 2015 - 08:09 PM

I bet Treyarch was looking for better servers! :D


  • 0

Games Made:

 

Youtube Channels:

One of the many GMC Gurus.


#45 PenguinPingo

PenguinPingo

    Game Developer

  • GMC Member
  • 161 posts
  • Version:GM:Studio

Posted 02 December 2015 - 08:12 PM

I used my twitter account to connect to the forums. Is there any problem from there?


  • 0

/---------------------------------------------------------\

Goodbye GMC, it was nice knowing you.

\---------------------------------------------------------/


#46 Lukan Spellweaver

Lukan Spellweaver

    Gay Wizard Freak & mcmonkey's plaything

  • GMC Member
  • 3704 posts
  • Version:GM:Studio

Posted 02 December 2015 - 08:13 PM

I used my twitter account to connect to the forums. Is there any problem from there?

You should unlink, then relink twitter to your account.

This will dispose of your tokens and make new ones.

 

No passwords from Twutter are stored here.


  • 0

DeEuDARh.pngi1SR21Q.png

Find me on Itch.io | GameJolt | YouTube | Twitter | Facebook | Website | Ask.FM

 GMC Google Hangout | I liek monkehs

The GMC, here lies she. Kicked to the curb, with nary a word. She shall live on, though. Remain strong, bros.

Also: MIKE DAILLY TOLD ME TO UPDATE MY SIGNATURE


#47 Greenhawk

Greenhawk

    Gue Games

  • GMC Member
  • 722 posts
  • Version:GM:Studio

Posted 02 December 2015 - 08:17 PM

 

I used my twitter account to connect to the forums. Is there any problem from there?

You should unlink, then relink twitter to your account.

This will dispose of your tokens and make new ones.

 

No passwords from Twutter are stored here.

 

Thanks for reminding me about that! You can never be too safe  :lol:


  • 0

Games Made:

 

Youtube Channels:

One of the many GMC Gurus.


#48 PenguinPingo

PenguinPingo

    Game Developer

  • GMC Member
  • 161 posts
  • Version:GM:Studio

Posted 02 December 2015 - 08:20 PM

 

I used my twitter account to connect to the forums. Is there any problem from there?

You should unlink, then relink twitter to your account.

This will dispose of your tokens and make new ones.

 

No passwords from Twutter are stored here.

 

I tried unlinking and looked at how it worked.

 

It says permissions read only. It isn't as bad.


  • 0

/---------------------------------------------------------\

Goodbye GMC, it was nice knowing you.

\---------------------------------------------------------/


#49 Dragon47

Dragon47

    Mytino

  • GMC Member
  • 687 posts
  • Version:GM:Studio

Posted 02 December 2015 - 09:18 PM

So are the GMC storing password hashes, or just plain text passwords (i hope not, shouldn't be done nowadays on bigger websites like this)? Not sure if I should change my password across several websites or only this one yet.

Edited by Dragon47, 02 December 2015 - 09:19 PM.

  • 0

wfoEubT.png       BNY6m3V.png       cfwjSDg.png       jermsLg.png       WqPXsGB.png

 

Games:   Blue Void (3D horror)   Icebound (2D puzzle platformer)


#50 BlueSteelAU

BlueSteelAU

    GMC Member

  • GMC Member
  • 20 posts
  • Version:GM:Studio

Posted 02 December 2015 - 09:25 PM

what gets me is that its been known about for about a month according to what i've read up about above, and we are only told about it now ???? 


  • 0