Hello,
As most of you are aware - the website was breached earlier this month. In an immediate attempt to mitigate any further intrustion and minimize damage we immediately shut the site down. This was critical, because directly following the hack we were unaware of how the intruder gained acces. However upon nearly 2 weeks of examination we finally found the point of intrusion. That issue was resolved, and a few other issues we found along the way were also fixed. vBulletin was also upgraded as was several other scripts. We made several changes to the password algorithm as well. We were originally under the impression that the user/password tables were compromised and decrypted. That, fortunately, was not the case. We determined there to be a logger in place hidden in an area of the website that was actually saving usernames/passwords as you logged into the website. This was then published on the main page through the template system. We cannot be fully certain however that password hashes and salts were not taken and they are attempting to crack them using dictionarys/tables. SO, to combat such issues we have added hundreds of new rules to our firewalls, and are forcing a password reset on the entire boards, using the new higher encryption method. Everyone was sent a new password to login to the boards, if you did not get this email please check your spam folder or click the 'forgot password' link at the top of the page under the Login boxes, and follow the forms there to have a new password sent.
Management and I take this incident extremely serious. Our relationship with you our members, and in particular the confidentiality of your subscriber information are critically important to me, and my vision for these boards. We have taken a secure and preventive approach from the very beginning and were happy to say this has never happened in the 11 years we have been at the helm. We unfortunately reset that number now, but are taking strides to ensure it doesn't happen again. We also are continuing to work closely with law enforcement in an investigation into the matter and will assist with the identification and prosecution of the individual(s) responsible. What was done is illegal, and not tolerated.
If you notice any issues with the boards, please send me a PM -- or email me, [email protected] so I can investigate it immediately. Several changes were made, and it's nearly impossible to debug everything without some helping hands.
Useful Link : Forgot Password ( Reset Password ) / NEVER RECEIVED NEW PASSWORD Link --- Lost Password Recovery Form - Noob Galore Gaming Community
*You MUST have access to your email on file to utilize this link.
Update: We have also disabled the BLOGS feature of the website, this area was utilized very little, and exposes potential security risks, so we nixed it. This may come back in a future update--All content has been retained and posts counts remain the same.
Update: We have removed the ARCADE feature of the website, this area also posed significant threats with numerous points of injection. This will not be coming back.
Update: Lastly, we have also removed the GROUPS feature of the website. This also exposes potential areas of abuse, and was utilized minimally as we typically utilize steam groups in favor of.
UPDATE: IF YOU HAVE NOT RECEIVED YOUR PASSWORD BY 4/30/2015 at 4:00 PM EST then you can use the LOST PW feature to reset your password. Prior to the script ending, your password would then be reset, and need to be reset again. so please wait until that time period to utilize that link.
UPDATE: If you use LIVE.COM, HOTMAIL.COM or other YAHOO/MSN email accounts chances are you will not receive the reset password email, and will need to use the forgot password link tomorrow evening. This is due to Yahoo's strict email rules, and them getting upset that we sent out emails, and more than 50 have returned with 'non exhistant user' (We obviously have people who change providers or emails change, and weve never sent a mass mailing so this will be our first time to be able and remove bouncebacks.) I apologize for this.
Graciously,
Adam
Bookmarks