
[Security] Data Breach and Information Leak

Discussion in 'Announcements' started by Navarr, May 9, 2016.

  1. Navarr Network Co-Lead

    XP:
    1,316,954xp

    It is with great displeasure that I regret to inform you that in the days prior to the US server migration we suffered a breach into the Shotbow servers.

    The attacker gained access using well-trusted credentials that were accidentally leaked through a third-party breach. These credentials granted access to most of the Shotbow infrastructure, including files stored on Shotbow servers and access to the database.

    Our developers worked around the clock to shut down any compromised avenues of attack after the breach became known. We additionally moved the US server migration forward to best cut off any additional opportunities of attack.

    Situations such as this one are unfortunate, but a reality in the Information Age.

    While we have not yet seen any evidence of this information being leaked online, the following information is possessed by the attacker:

    • Usernames
    • One-Way-Hashed Shotbow.net Passwords
    • IP Addresses
    • Forum Information

    Any payment information would have been performed through Buycraft, which is hosted and run by a third party and so would not be part of the breach.

    While we do not believe Shotbow.net passwords are at any risk overall - them being secured with the best form of one-way hashing available to us - it is general security protocol to advise you to change this password wherever you may have used it. It is always recommended to use a different password on Shotbow.net Forums than you would anywhere else. It is a particularly good idea to ensure that your Shotbow.net password is different from your Mojang password in the event of information leaks from either source.

    This breach and the subsequent migration gave us ample opportunity to upgrade our security protocols to the latest in industry best-practices, and we are committed to reviewing and improving these practices over the coming months and years.

    Thank you for your loyalty. We will be happy to answer any questions or concerns you may have about this incident.

    We will be sending an email about this shortly to all registered Shotbow.net players.

  2. ACrispyTortilla Retired Staff

    XP:
    289,160xp
    Can they get your MC password or just your Shotbow.net forums pass?
    Tonkotsuramen921 likes this.
  3. Axyy Obsidian

    XP:
    104,327xp
    Wow, very shocked!
    Tonkotsuramen921 likes this.
  4. kscopekid Gold

    XP:
    149,956xp
    My ip D:
    FreeCookson and Ivandagiant like this.
  5. Axyy Obsidian

    XP:
    104,327xp
    Only the forum password.
    Tonkotsuramen921 likes this.
  6. Navarr Network Co-Lead

    XP:
    1,316,954xp

    They do not have your Mojang password. They have a one-way encrypted version of your forum password. (They cannot easily take this encrypted version to find your actual password).
    Tonkotsuramen921 and xcube like this.
  7. Axyy Obsidian

    XP:
    104,327xp
    Calm down, it will be fixed soon I guess. :stuck_out_tongue:
    Tonkotsuramen921 likes this.
  8. DallMit Regular Member

    XP:
    61,936xp
    Give some XP or something
    Edit: please
    mmertTR, nemo212, Matvey_nik and 2 others like this.
  9. Galap Developer

    XP:
    995,340xp
    This is an unfortunate bit of news; however, it is important to remember that this can happen to any organisation, no matter how large. Thank you to those who spent their day and night correcting the vulnerability, and I'm glad to hear that it has helped the network to increase its security.

    If you're concerned about your IP, you may find the following link helpful: Here.
  10. MacWasPvp Platinum

    XP:
    191,402xp
    waw so we gotz r3k7?

    Ok, errbody CHILL OUT! :lmao:

    All it means is that some d00dface McPoopy got some info and stuff so it'll be fine unless there's like a hitman after you or something :stuck_out_tongue: Just change your password or... something and you'll be fiiiiiiiiine.
    LegendaryAlex likes this.
  11. softsocks Platinum

    XP:
    58,851xp
    So do we know who the attacker is? Or are we going to investigate??
    Tonkotsuramen921 likes this.
  12. Navarr Network Co-Lead

    XP:
    1,316,954xp

    We are not at liberty to talk about potential ongoing investigations.
    Tonkotsuramen921 likes this.
  13. Axyy Obsidian

    XP:
    104,327xp
  14. FireKnight1483 Gold

    XP:
    233,052xp
    Even if they do fix it, the hackers will always have access to the IPs that they got through this breach, so that isn't exactly something that anyone on Shotbow can fix...
    kscopekid likes this.
  15. Axyy Obsidian

    XP:
    104,327xp
    True, but I think they are not targeting our IPs.
    Tonkotsuramen921 likes this.
  16. Smartzz Platinum

    XP:
    104,863xp
    Guys, I think I found a hacker.

    But in all honesty, would they be selling IPs?! Similar to what that Minez Practice server did back in like 2012 I think. I remember mine was in fact sold.
    noahvr likes this.
  17. drewko09 Platinum

    XP:
    212,610xp
    Darn hackers! What were they using? Force field or fly
  18. Smartzz Platinum

    XP:
    104,863xp
    Worse, AIMBOT AND FF.
    mmertTR, drewko09 and noahvr like this.
  19. Axyy Obsidian

    XP:
    104,327xp
    Lol xd
    Tonkotsuramen921 likes this.
  20. wmn Administrator

    XP:
    451,537xp
    I have a question: why were we only notified of this now, if this happened before the US move? Shouldn't we have been notified right away to change our passwords, or were you not aware at the time that there was a leak, until today? This kind of thing hasn't happened before on Shotbow, as far as I know, but I use plenty of alts, and resetting the passwords on everything has been one hell of an experience today. I'm sure others are feeling the pain, and are wondering the same things I am.
