Important: Security Breach (Please Read)

ISO · Post Post #0 (ISO) » Tue Nov 01, 2016 10:26 am

Yesterday at about 3am EDT, an unknown actor was able to breach the mafiascum.net database, which includes posts in both public and private forums, as well as private messages between users. We don't know the perpetrator's intentions or who they are.

For all users who have logged in since the 3.0 upgrade a while back, passwords are salted and hashed with a decent algorithm, and users prior to this point have hashed passwords. (This means if you've logged in any time recently, your password is hard to crack, but not impossible through brute force.)

You, as a user should take these steps now:

1.

Change your password on this site. In keeping with good security practices, you should not use the same password across websites.

2. If you are using the same password on this site on other websites, you should change those too, especially if you share a username or email address on those websites.
3. Notify us if you encounter any unusual access to your account.

As we learn more pertinent details, we'll let you know. We value your privacy, which is why we are releasing these details as a precautionary measure. If you have any information regarding this breach, please contact me by email.

We hope nothing worse comes from this, but we want you to be aware and able to prepare for every possibility and for you to be able to secure your data appropriately. We're implementing additional security measures to prevent recurrence of such a breach, so as to better protect you and the site. Thank you.

-mith

chamber · Post Post #1 (ISO) » Tue Nov 01, 2016 10:32 am

Email addresses are stored as plain text. If you use the same password there as here~.

Andrius · Post Post #2 (ISO) » Tue Nov 01, 2016 10:56 am

Thank you for informing us, and for your continued support.

McMenno · Post Post #3 (ISO) » Tue Nov 01, 2016 11:03 am

it was me

nah just kidding

ISO · Post Post #4 (ISO) » Tue Nov 01, 2016 11:10 am

Shotty warned us. We didn't listen. Now every Wendy's register in the country is aimed at us.

Alchemist21 · Post Post #5 (ISO) » Tue Nov 01, 2016 11:15 am

I wouldn't be surprised if it was F-16. The ban thread mentions that he somehow managed to keep opening a closed thread

(back before thread creators had the power to lock/unlock their own threads).

EDIT: I was wrong about that part.

Elias_the_thief · Post Post #6 (ISO) » Tue Nov 01, 2016 11:33 am

Well on the bright side now I know the passwords to all my alts.

Firebringer · Post Post #7 (ISO) » Tue Nov 01, 2016 11:45 am

In post 4, AniX wrote:Shotty warned us. We didn't listen. Now every Wendy's register in the country is aimed at us.

QFT

BROseidon · Post Post #8 (ISO) » Tue Nov 01, 2016 12:37 pm

Good thing my pw for the site was my old Linkedin one that was already leaked!

Cheery Dog · Post Post #9 (ISO) » Tue Nov 01, 2016 12:38 pm

Ah the timely reminder that I need to use my non-default password on sites I actually hang around on.

Although why I was still using it after a different site had these types of issues idk. I probably wouldn't have been had I been here back then.

So I assume I'm going to now get banned somewhere else I haven't used because I've forgotten sites I exist on Buu not sticking around long enough to care.

Majiffy · Post Post #10 (ISO) » Tue Nov 01, 2016 1:05 pm

Thanks for letting us know, Mith.

Were they able to access information such as PayPal account information or no? I would assume not but would be good to have an official answer regarding that.

Ircher · Post Post #11 (ISO) » Tue Nov 01, 2016 1:07 pm

RIP me.....

Wake1 · Post Post #12 (ISO) » Tue Nov 01, 2016 1:08 pm

Are there any indications on who this person is?

Realeo · Post Post #13 (ISO) » Tue Nov 01, 2016 1:37 pm

In post 0, mith wrote:decent algorithm

And that algorithm is... (Please don't tell me it's MD5)

Majiffy · Post Post #14 (ISO) » Tue Nov 01, 2016 1:39 pm

I think we should just start using onion routing for everyone to access MS. Obviously we would not be allowed to have login names.

Imagine how much fun trying to play a game would be!

Realeo · Post Post #15 (ISO) » Tue Nov 01, 2016 1:41 pm

Tor is no longer safe

Zulfy · Post Post #16 (ISO) » Tue Nov 01, 2016 2:36 pm

I am so happy about this.

Zachrulez · Post Post #17 (ISO) » Tue Nov 01, 2016 3:35 pm

If you have the IP address of the perpetrator, you can probably match it or at least greatly narrow down who it might be by going through the list of users. (Or if you want to assume it's someone who's been banned that would probably be a lot faster.)

Majiffy · Post Post #18 (ISO) » Tue Nov 01, 2016 3:37 pm

I feel like anyone invasively attacking the site would probably be keen enough to take a number of precautions masking their IP.

Zachrulez · Post Post #19 (ISO) » Tue Nov 01, 2016 3:43 pm

You'd be surprised how often people forget to do the simple things.

InflatablePie · Post Post #20 (ISO) » Tue Nov 01, 2016 3:44 pm

idk if you can mask your IP while using a Wendy's POS

Sudo_Nym · Post Post #21 (ISO) » Tue Nov 01, 2016 3:56 pm

In post 20, InflatablePie wrote:idk if you can mask your IP while using a Wendy's POS

He's spoofed his location to trick us into thinking the attack came from McDonald's.

Majiffy · Post Post #22 (ISO) » Tue Nov 01, 2016 4:07 pm

In post 19, Zachrulez wrote:You'd be surprised how often people forget to do the simple things.

Yeah but...

That's like a recording engineer going to track a band and forgetting to plug in the microphone.

Some things you just do out of habit.

ISO · Post Post #23 (ISO) » Tue Nov 01, 2016 4:10 pm

Thankfully I have an absurdly long and nonsensical email password
Get rekt hacker(s?)

RachMarie · Post Post #24 (ISO) » Tue Nov 01, 2016 4:15 pm

Thanks for letting us know mith