[Security] Data Breach and Information Leak

Discussion in 'Announcements' started by Navarr, May 9, 2016.

[Security] Data Breach and Information Leak | Page 5
  1. storm345 Retired Staff

    XP:
    632,098xp
    The breach was fixed almost immediately and thus the attackers have no way to alter anything. During the attack it appears no playerdata was altered - Nobody lost or will lose anything.
    Tonkotsuramen921 likes this.

  2. ThePandemos Platinum

    XP:
    30,182xp
    I keep shiny?
    :lmao: YAY
    Tonkotsuramen921 likes this.
  3. weco_paul Regular Member

    XP:
    3,692xp
    The IP concerns aren't so false on a Minecraft server. You could easily develop a tool which automatically DDoSes every username seen in MineZ for example, because the usernames and IPs were leaked.
    xcube likes this.
  4. ItsJesseFFS Regular Member

    XP:
    1,155,019xp
    It seems like people are over-reacting here.

    The whole issue shouldn't directly affect anyone here, aside from a potential DDoS attack. Though, if you're concerned about that, I'd strongly recommend either contacting your ISP or doing some research on how to manually change your IP Address.

    As for passwords. If you have any doubt whatsoever that your passwords aren't secure, or have been compromised, I'd recommend having them changed immediately. In addition to that, if you want to generate random strong passwords, you could use a utility such as KeePass. Password managers are very good for securely storing your passwords, and most have their own built-in password generator. I personally use KeePass.

    What storm345 said here is correct:

  5. xcube Regular Member

    XP:
    40,197xp
    But if an attacker created a custom hacked client that only DDOS'ed players around them/players that they are pvping,
    such a pvp hack would not work on a lot of players (almost all of us have a dynamic IP).

    But why would someone go to all that trouble just to win in a pvp match, though? (granted some people would do that)
    How could someone make money from ddosing random minecraft players?
    (using the stolen information for ads like 1adog1 said might be more profitable)
    Fluffoon likes this.
  6. ravenruiter Regular Member

    XP:
    2,860xp
    In the message it is said that it is about the US server.
    I am from The Netherlands (sorry for bad language btw)
    so I am on the Europe network I suppose, so does it have any effect on me too?
  7. Navarr Councilor

    XP:
    1,333,433xp

    Yes. The primary data affected is the forum - which is shared between regions.
    Tonkotsuramen921 likes this.
  8. KazumiMishima44 Platinum

    XP:
    92,572xp
    Give this man a medal
  9. RosieBlock Platinum

    XP:
    43,185xp
    I am fine with the way this breach was handled. Good job and high fives all around.


    :zcool:
  10. Pokelex_XD Regular Member

    XP:
    5,417xp
    To the hackers: F*ck you guys^^ I have changed most of my passwords because I use all the same :lmao:
    mmertTR likes this.
  11. Navarr Councilor

    XP:
    1,333,433xp

    I hope you took this opportunity to make your passwords different among services
    Tonkotsuramen921 likes this.
  12. Smartzz Emerald

    XP:
    194,786xp
    In case this helps, I was DDOSed last night. I was shut down and my wifi router was shut down.
  13. Navarr Councilor

    XP:
    1,333,433xp

    Not really. It's easy to point to this as a reason but from what we could tell the attacker didn't care about IP addresses at all.

    Remember, IP leaks can come from anywhere. If someone PMs you an image your IP can leak through that. If you Skype someone - leak. Join a third party TeamSpeak - leak, etc etc.
    Tonkotsuramen921 likes this.
  14. MLGxSnipez Regular Member

    XP:
    2,479xp
    QUICK GUIDE (remove if you want OP):

    If you guys are worried about your IP:
    1. press windows key + r (at the same time)
    2. type "cmd" and hit enter
    3. type "ipconfig /release" (no quote marks, duh). A load of information should appear in the text box with information about your network adapters, ignore it and check that they all say "media disconnected" or something along that line. If you are REALLY paranoid, note this IP down.
    4. shut down computer and leave it overnight, read a book, watch tv, whatever you wanna do
    5. start computer again, and check if your internet is working.
    5a. if your internet is not working, open cmd again and type "ipconfig /renew" (no quote marks). Again, check the information that appears and see if a new address has been assigned. You should look for the section called "Wireless LAN adapter WiFi" and see if your IP has changed. If you wrote down a number earlier, check the two addresses and see if it has changed.

    This should reset your IP address and you will not have to wait for your ISP to assign a new one. For sure works on Windows 8, 8.1 and 10, not sure about 7, Vista or XP.

    EMAILS/PASSWORDS:
    As for emails, spam filters should be good enough if you use something like Yahoo! or Gmail. Passwords should be unaffected unless your password is either:
    a) a really simple password (e.g. 12345, password, password12345, you get the point)
    b) a word from a dictionary, dictionary cracking attacks are the most common form of attack, and if your password is simply "school" or "apple", your account is at serious risk of compromise and the password should be changed imminently

    And, as a word of advice to any of you who skipped Internet 101, do not click any links which are not sent by an official mojang email address (which should be something like "[email protected]" or "[email protected]" or anything with "@shotbow.net").
    REMEMBER: IF THEY ARE SMART, A SPAMMER WILL SPOOF THE EMAIL ADDRESS. IF IT LOOKS FAKE, DO NOT CLICK IT. ALSO, CHECK FOR THE PADLOCK IN THE TOP CORNER OF YOUR BROWSER IF YOU DO CLICK ANYTHING.

    As for shotbow, my advice is simple: invest in 2-step authentication software for both your website and your users. Envoy do an excellent job of this (I have seen several websites use them) or you can use a different company. For those who are unaware: 2-step verification sends a code to your phone/email which is a temporary login token which is used to whitelist your IP to the account. Using this on user-accounts gives peace of mind and, god forbid anything like this happens again, will stop any account compromising from happening. If you have ever used Steam, you will understand what this is. Gmail also offer this system, and recent versions of Origin have used Google Authenticator to fix this as well.
    As for me, I will be changing my passwords (I am one of those security freaks I mentioned) and taking measures to secure my accounts.

    TL;DR: change your password if your password is in the dictionary. Reset your IP if you are afraid of DDOS.

    Also, if you worry about this happening before to you, I recommend using haveibeenpwned.com, it will scan if your account was breached in anything else like this and allows you to receive an email if it is.
  15. Sercelix Obsidian

    XP:
    20xp
    The likelihood of these "great" hackers not getting our passwords is extremely difficult to believe, and sure, you can put the whole "our passwords are highly encrypted" idea in front of my face, but encryptions aren't difficult with the proper knowledge. Meaning if this person got all that information, they get the rest easily. IMHO I believe this is just a ruse to sell our emails and such to bigger companies and stuff like that. Not pointing fingers to Shotbow, but just a thought.
    Tonkotsuramen921 likes this.
  16. VictorLight Regular Member

    XP:
    199,159xp
    What are we supposed to do here? Do we change passwords or what? 'Cause I don't get your point here.
  17. Sercelix Obsidian

    XP:
    20xp
    Big companies sell stuff like that all the time for pennies practically.
    Tonkotsuramen921 likes this.
  18. MLGxSnipez Regular Member

    XP:
    2,479xp
    Tom Scott does a very good job of explaining this

    Turqula likes this.
  19. Turqula Regular Member

    XP:
    9,297xp
    Hashing will almost definitely keep passwords safe, unless it's a grossly misused hashing algorithm like Adobe did a few years back, and HOPEFULLY they aren't using some broken one like MD5.
  20. SocomX1 Retired Staff

    XP:
    293,866xp
    As said so many times previously in this thread, you can't just magically convert these hashed passwords to plaintext. Regardless of one's knowledge of computers or information security, that isn't how this works. Please do not spread misinformation on this thread.

    That's not even remotely true.

    If you used the same password on Shotbow.net anywhere else, it is recommended you change that password. That's it.
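
The posts above contrast a properly used password hash with a misused or broken one such as unsalted MD5, and note that dictionary-word passwords are the ones at risk. As an added example that is not part of the thread and not Shotbow's code, this sketch stores passwords with salted PBKDF2-HMAC-SHA256 next to the unsalted MD5 scheme and shows what each reveals in a leaked table. The usernames, wordlist, record format and iteration count are constructed for the example.

```python
import hashlib
import hmac
import os
from collections import defaultdict

COMMON = {"12345", "password", "password12345", "school", "apple"}  # constructed sample list
ITERATIONS = 600_000  # assumed work factor; tune to your hardware


def is_guessable(password):
    """Signup-time policy check: refuse passwords found in the wordlist."""
    return password.lower() in COMMON


def md5_unsalted(password):
    """Weak scheme: fast and unsalted, so equal passwords give equal digests."""
    return hashlib.md5(password.encode()).hexdigest()


def hash_password(password):
    """Strong scheme: fresh random salt per user plus a slow key derivation."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return "pbkdf2_sha256${}${}${}".format(ITERATIONS, salt.hex(), dk.hex())


def verify_password(password, record):
    """Recompute with the stored salt and compare in constant time."""
    algo, iters, salt_hex, dk_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


def users_sharing_a_value(table):
    """Audit helper: groups of users whose stored value is byte-identical."""
    groups = defaultdict(list)
    for user, stored in table.items():
        groups[stored].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


if __name__ == "__main__":
    passwords = {"alice": "apple", "bob": "apple", "carol": "x7#Lq9!vTz2m"}  # constructed
    weak = {u: md5_unsalted(p) for u, p in passwords.items()}
    strong = {u: hash_password(p) for u, p in passwords.items()}
    print(users_sharing_a_value(weak))    # alice and bob visibly share a password
    print(users_sharing_a_value(strong))  # salts hide the reuse
    print([u for u, p in passwords.items() if is_guessable(p)])
```

Salting and stretching raise the cost of every guess but do not rescue a dictionary password, which is why the wordlist check at signup and the advice to change reused passwords still apply.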
