MCBans Public Statement

Discussion in 'Bukkit Discussion' started by Firestar, Jan 8, 2012.

Thread Status:
Not open for further replies.
  1. Offline

    Jamy

    Also got the fake email..
    MCbans.com
    forum.mcbans.com
    That doesn't seem to comply with:
     
  2. Offline

    Xander0311

    In other words: The breach was done though an exploit on the forum software. Once in that server, the group found a old repository for MCBAN Backups. Because of this, your email could of showed up in one of two locations: compromised on the forums -> or inside the older backup. Since the forums was a separate service, not everyone who has a mcbans account was targeted, but the email was set out to anyone with a forum account and/or was in the old backup.
     
  3. Offline

    Firestar

    That is correct.
     
  4. Offline

    Noman_1000

    Except that this is impossible because I made my account AFTER the backup date and I had NO forums account whatsoever. Which means that there has to be something else working right now.

    Exactly what Jamy is saying.
     
  5. Offline

    Firestar

    Then you did not get an email due to mcbans, as that is all the data they stole.
     
  6. Offline

    Jamy

    I don't know why they would've sent me a message about mcbans if they found my email on bukkit or whereever else..
     
  7. Offline

    Firestar

    I am unsure as well, can you provide your email address in a PM and I can look it up.
     
  8. Offline

    PhantomGamers

    Any chance you can be more specific with "April 2011". Like an actual day?
     
  9. Offline

    Firestar

    before the 15th of April
     
    hatstand and PhantomGamers like this.
  10. Offline

    Tylerjd

    I too received an email from the mcbans@ddoscom and did not have an account on the forums. I joined in May of 2011.

    [​IMG]
    Something is just not adding up here. I will attach a pic of the email with my address so you can look it up. (The blanked out email is my other personal one. As you see, it was sent to the Gmail one)'

    [​IMG]
     
    hatstand likes this.
  11. Offline

    PhantomGamers

    And I got no email myself.... quite strange.
     
  12. Offline

    NinjaZidane

    See if it was isolated to this particular person than I would think something was up. The fact that several people are popping up that do NOT fit the range you specified at all @Firestar, it is showing that more was stolen than you perhaps think.

    This isn't an attempt to flame you or anything; I am merely seeking to see what the potential real damage is here and protect the users involved. I hope you yourself can see that it can only be a coincidence so many times.
     
    Sayshal likes this.
  13. Offline

    Firestar

    That would be dearly impossible as the main server never became vulnerable, or hacked. as for how the emails received the email, it could not have been due to the hack.
     
  14. Offline

    Jamy

    Internal leak of some kind, maybe?
     
  15. Offline

    Tylerjd

    Let me ask then, where else would these emails be coming from? Yes, the same email was used for Bukkit and Minecraft, but then again, why would I get an MCBans email?
     
  16. Offline

    macman

    @Firestar My account was made on in August 2011 and I DO NOT have a forums account, I received a email from mcbans@ddosblah (cant remember) Now I don't want your usual crappy answer I want the truth Was any more of it hacked? Because how else could I have got this email.
     
  17. Offline

    Firestar

    The information that was stolen as taken from the April 15th and earlier. nothing else was taken except the forums.
     
  18. Offline

    Tylerjd

    Please stop being vague with answers. It is no way to handle PR.

    Obviously something else happened because people who signed up after that date are getting emails. See MY POST ABOVE
     
  19. Offline

    tips48

    I still find this very questionable. There are users who never claimed to have a forum account, and or registered after the time you listed, yet still recieved an email. If you say:
    Then how can someone like @macman get an email? And please don't quote me the same thing from the first post like you have the last 5 times someone has asked, I've read that. I know what you've said.
    EDIT: I'm not trying to flame you at all, just get answers.
     
    Tylerjd likes this.
  20. Offline

    NinjaGrinch

    @Firestar

    I am not here to bash you so please do not assume that from this post. Perhaps you should go back and make certain nothing else was accessed because as people have mentioned, it seems like more was taken then originally thought.

    I am not saying you are wrong, I am simply saying perhaps you are not correct on your time frame.


    @Everyone else

    Play nice now.
     
    Jamy likes this.
  21. Offline

    Firestar

    I have, and there is nothing else stolen except for the information already provided.
     
  22. Offline

    macman

    I'm not being polite any more, GIVE US SOME ANSWERS THEY CANT JUST GUESS EMAILS, THESE EMAILS ARE TARGETED SO DON'T SAY "your email came from somewhere else" People have been getting emails and they WERE NOT REGISTERED ON THE FORUMS AND SOME ONLY REGISTERED FOR MCBANS 2 WEEKS AGO, I'm sorry if this breaks any rules but this is beyond a fucking joke now, FIND OUT WHAT THE FUCK has happened.
     
    alexanderpas, Noman_1000 and Jamy like this.
  23. Offline

    Nathan C

    You do know that you can spoof email addresses?
     
  24. Offline

    Xander0311

    For everyone who got the email: It should be noted that it did NOT come from the mcbans server, but from a third party who sent it out to everyone on behalf of the team that did the intrusion. Coming from a technology background, there's more then one way to find your email and it's demoralizing nature is intended to make you question what else has been touched or cracked.

    From a psychological standpoint, that email is most likely the only thing most people are going to see due to the breach, but also the most damaging thing since it leaves everyone feeling insecure. I know I freaked out on seeing it, but after looking around the Googles for a bit, I can safely say that that's most likely the worst thing most people are going to experience.

    Still: it is a security breach, and as such everyone must make sure to secure themselves by changing your passwords, and try limiting the possible damage from someone having your email address. Make sure that your email account has it's own and unique password compared to anything else online, and consider what sites you use that might share the same password that was on the mcbans site or forums.

    If I may suggest, I use LastPass to help me generate new passwords, store them and make them available from my home system and phone. Also this comic is always relevent: http://xkcd.com/936/
     
    PhantomGamers likes this.
  25. Offline

    macman

    What you mean I can or they can?
     
  26. Offline

    Nathan C

    I mean they can.

    I believe it is called spoofing........or is it masquerading........IDK.. But they can send an email from their mail servers and make it appear as if it was from MCBans.com
     
  27. Offline

    tips48

    I lol'd. Way to get a infraction.
    But anyway, sorry if it seems like were bashing you @Firestar . This is a bad situation for everyone involved, and we just want answers.
     
  28. Offline

    Firestar

    I will review the issue of other leaked emails.
     
  29. Offline

    Jamy

    We know it wasn't from mcbans, but the fact that Firestar said only the old database was stolen is wrong, as we were not in that old database. There's no way they could've bruteforced those emails ...
     
  30. Offline

    macman

    @NinjaGrinch While I hate to argue with your moderator skills but according to the rules I am allowed to swear as long as I don't do it often, So I slightly feel that warning/infraction was a bit unfair for 2 swear words.
     
Thread Status:
Not open for further replies.

Share This Page