[Security] Data Breach and Information Leak

Discussion in 'Announcements' started by Navarr, May 9, 2016.

  1. Navarr Network Co-Lead

    XP:
    632,601xp

    It is with great displeasure that I regret to inform you that in the days prior to the US server migration we suffered a breach into the Shotbow servers.

    The attacker gained access using well-trusted credentials that were accidentally leaked through a third-party breach. These credentials granted access to most of the Shotbow infrastructure, including files stored on Shotbow servers and access to the database.

    Our developers worked around the clock to shut down any compromised avenues of attack after the breach became known. We additionally moved the US server migration forward to best cut off any additional opportunities of attack.

    Situations such as this one are unfortunate, but a reality in the Information Age.

    While we have not yet seen any evidence of this information being leaked online, the following information is possessed by the attacker:

    • Usernames
    • One-Way-Hashed Shotbow.net Passwords
    • IP Addresses
    • Forum Information

    Any payment information would have been performed through Buycraft, which is hosted and run by a third party and so would not be part of the breach.

    While we do not believe Shotbow.net passwords are at any risk overall - them being secured with the best form of one-way hashing available to us - it is general security protocol to advise you to change this password wherever you may have used it. It is always recommended to use a different password on Shotbow.net Forums than you would anywhere else. It is a particularly good idea to ensure that your Shotbow.net password is different from your Mojang password in the event of information leaks from either source.

    This breach and the subsequent migration gave us ample opportunity to upgrade our security protocols to the latest in industry best-practices, and we are committed to reviewing and improving these practices over the coming months and years.

    Thank you for your loyalty. We will be happy to answer any questions or concerns you may have about this incident.

    We will be sending an email about this shortly to all registered Shotbow.net players.

  2. ACrispyTortilla SMASH Mini Admin

    XP:
    20,282xp
    Can they get your MC password or just your Shotbow.net forums pass?
    Tonkotsuramen921 likes this.
  3. Axyy Obsidian

    XP:
    59,369xp
    Wow, very shocked!
    Tonkotsuramen921 likes this.
  4. kscopekid Gold

    XP:
    148,836xp
    My ip D:
    FreeCookson and Ivandagiant like this.
  5. Axyy Obsidian

    XP:
    59,369xp
    Only the forum password.
    Tonkotsuramen921 likes this.
  6. Navarr Network Co-Lead

    XP:
    632,601xp

    They do not have your Mojang password. They have a one-way encrypted version of your forum password. (They cannot easily take this encrypted version to find your actual password).
    Tonkotsuramen921 and xcube like this.
  7. Axyy Obsidian

    XP:
    59,369xp
    Calm down, it will be fixed soon I guess. :stuck_out_tongue:
    Tonkotsuramen921 likes this.
  8. DallMit Regular Member

    XP:
    61,856xp
    Give some XP or something
    Edit: please
    mmertTR, nemo212, Matvey_nik and 2 others like this.
  9. Galap Developer

    XP:
    651,519xp
    This is an unfortunate bit of news however it is important to remember that this can happen to any organisation, no matter how large. Thank you to those who spent their day and night correcting the vulnerability and I'm glad to hear that it has helped the network to increase its security.

    If you're concerned about your IP, you may find the following link helpful: Here.
  10. MacWasPvp Platinum

    XP:
    183,984xp
    waw so we gotz r3k7?

    Ok, errbody CHILL OUT! :lmao:

    All it means is that some d00dface McPoopy got some info and stuff so it'll be fine unless there's like a hitman after you or something :stuck_out_tongue: Just change your password or... something and you'll be fiiiiiiiiine.
    LegendaryAlex likes this.
  11. softsocks Platinum

    XP:
    57,666xp
    So do we know who the attacker is? Or are we going to investigate??
    Tonkotsuramen921 likes this.
  12. Navarr Network Co-Lead

    XP:
    632,601xp

    We are not at liberty to talk about potential ongoing investigations.
    Tonkotsuramen921 likes this.
  13. Axyy Obsidian

    XP:
    59,369xp
  14. FireKnight1483 Gold

    XP:
    134,580xp
    Even if they do fix it, the hackers will always have access to the IPs that they got through this breach, so that isn't exactly something that anyone on Shotbow can fix...
    kscopekid likes this.
  15. Axyy Obsidian

    XP:
    59,369xp
    True, but I think they are not targeting our IPs.
    Tonkotsuramen921 likes this.
  16. Smartz_ Platinum

    XP:
    166,605xp
    Guys, I think I found a hacker.

    But in all honesty, would they be selling IPs?! Similar to what that Minez Practice server did back in like 2012 I think. I remember mine was in fact sold.
    noahvr likes this.
  17. drewko09 Mini Builder

    XP:
    112,811xp
    Darn hackers! What were they using? Force field or fly
  18. Smartz_ Platinum

    XP:
    166,605xp
    Worse, AIMBOT AND FF.
    mmertTR, drewko09 and noahvr like this.
  19. Axyy Obsidian

    XP:
    59,369xp
    Lol xd
    Tonkotsuramen921 likes this.
  20. wmn Platinum

    XP:
    281,218xp
    I have a question, why were we only notified of this now, if this happened before the US move? Shouldn't we have been notified right away to change our passwords, or were you not aware at the time that there was a leak, until today? This kind of thing hasn't happened before on Shotbow, as far as I know, but I use plenty of alts, and resetting the passwords on everything has been one hell of an experience today. I'm sure others are feeling the pain, and are wondering the same things I am.
