MCBans Public Statement

Also got the fake email..
MCbans.com

forum.mcbans.com

That doesn't seem to comply with:

 

In other words: The breach was done though an exploit on the forum software. Once in that server, the group found a old repository for MCBAN Backups. Because of this, your email could of showed up in one of two locations: compromised on the forums -> or inside the older backup. Since the forums was a separate service, not everyone who has a mcbans account was targeted, but the email was set out to anyone with a forum account and/or was in the old backup.

 

That is correct.

 

Except that this is impossible because I made my account AFTER the backup date and I had NO forums account whatsoever. Which means that there has to be something else working right now.

Exactly what Jamy is saying.

 

Then you did not get an email due to mcbans, as that is all the data they stole.

 

I don't know why they would've sent me a message about mcbans if they found my email on bukkit or whereever else..

 

I am unsure as well, can you provide your email address in a PM and I can look it up.

 

Any chance you can be more specific with "April 2011". Like an actual day?

 

before the 15th of April

 

I too received an email from the mcbans@ddoscom and did not have an account on the forums. I joined in May of 2011.


Something is just not adding up here. I will attach a pic of the email with my address so you can look it up. (The blanked out email is my other personal one. As you see, it was sent to the Gmail one)'

 

And I got no email myself.... quite strange.

 

See if it was isolated to this particular person than I would think something was up. The fact that several people are popping up that do NOT fit the range you specified at all @Firestar, it is showing that more was stolen than you perhaps think.

This isn't an attempt to flame you or anything; I am merely seeking to see what the potential real damage is here and protect the users involved. I hope you yourself can see that it can only be a coincidence so many times.

 

That would be dearly impossible as the main server never became vulnerable, or hacked. as for how the emails received the email, it could not have been due to the hack.

 

Internal leak of some kind, maybe?

 

Let me ask then, where else would these emails be coming from? Yes, the same email was used for Bukkit and Minecraft, but then again, why would I get an MCBans email?

 

@Firestar My account was made on in August 2011 and I DO NOT have a forums account, I received a email from mcbans@ddosblah (cant remember) Now I don't want your usual crappy answer I want the truth Was any more of it hacked? Because how else could I have got this email.

 

The information that was stolen as taken from the April 15th and earlier. nothing else was taken except the forums.

 

Please stop being vague with answers. It is no way to handle PR.

Obviously something else happened because people who signed up after that date are getting emails. See MY POST ABOVE

 

I still find this very questionable. There are users who never claimed to have a forum account, and or registered after the time you listed, yet still recieved an email. If you say:

Then how can someone like @macman get an email? And please don't quote me the same thing from the first post like you have the last 5 times someone has asked, I've read that. I know what you've said.
EDIT: I'm not trying to flame you at all, just get answers.

 

@Firestar

I am not here to bash you so please do not assume that from this post. Perhaps you should go back and make certain nothing else was accessed because as people have mentioned, it seems like more was taken then originally thought.

I am not saying you are wrong, I am simply saying perhaps you are not correct on your time frame.


@Everyone else

Play nice now.

 

I have, and there is nothing else stolen except for the information already provided.

 

I'm not being polite any more, GIVE US SOME ANSWERS THEY CANT JUST GUESS EMAILS, THESE EMAILS ARE TARGETED SO DON'T SAY "your email came from somewhere else" People have been getting emails and they WERE NOT REGISTERED ON THE FORUMS AND SOME ONLY REGISTERED FOR MCBANS 2 WEEKS AGO, I'm sorry if this breaks any rules but this is beyond a fucking joke now, FIND OUT WHAT THE FUCK has happened.

 

You do know that you can spoof email addresses?

 

For everyone who got the email: It should be noted that it did NOT come from the mcbans server, but from a third party who sent it out to everyone on behalf of the team that did the intrusion. Coming from a technology background, there's more then one way to find your email and it's demoralizing nature is intended to make you question what else has been touched or cracked.

From a psychological standpoint, that email is most likely the only thing most people are going to see due to the breach, but also the most damaging thing since it leaves everyone feeling insecure. I know I freaked out on seeing it, but after looking around the Googles for a bit, I can safely say that that's most likely the worst thing most people are going to experience.

Still: it is a security breach, and as such everyone must make sure to secure themselves by changing your passwords, and try limiting the possible damage from someone having your email address. Make sure that your email account has it's own and unique password compared to anything else online, and consider what sites you use that might share the same password that was on the mcbans site or forums.

If I may suggest, I use LastPass to help me generate new passwords, store them and make them available from my home system and phone. Also this comic is always relevent: http://xkcd.com/936/

 

What you mean I can or they can?

 

I mean they can.

I believe it is called spoofing........or is it masquerading........IDK.. But they can send an email from their mail servers and make it appear as if it was from MCBans.com

 

I lol'd. Way to get a infraction.
But anyway, sorry if it seems like were bashing you @Firestar . This is a bad situation for everyone involved, and we just want answers.

 

I will review the issue of other leaked emails.

 

We know it wasn't from mcbans, but the fact that Firestar said only the old database was stolen is wrong, as we were not in that old database. There's no way they could've bruteforced those emails ...

 

@NinjaGrinch While I hate to argue with your moderator skills but according to the rules I am allowed to swear as long as I don't do it often, So I slightly feel that warning/infraction was a bit unfair for 2 swear words.