Status
Not open for further replies.

Falchion

Member
Oct 25, 2017
40,944
Boise
Not trying to create a panic but this morning, someone on Twitter claimed that ResetEra had been breached and user data including emails and passwords had been leaked online. I posted this in the site issues thread and messaged staff, but no one has responded so far. Given how serious this is, I wanted to make sure everyone was aware so users could change their passwords on Era and emails / other accounts as soon as possible.

I'm not sure how reliable this person is, but regardless, it would be a good idea for everyone to change their password and enable two factor authentication just in case this turns out to be real.

Grw2YkP.png


[Mod edit: Switched to screengrab]

Staff response:


Official Staff Communication
Let's clear this up: Our tech team investigated claims of a data breach and found no evidence of such on our end. We have no reason to believe our database has been compromised. What appears to have happened is that a determined troll gained access to a small number of accounts through known-leaked passwords (from breaches on other sites) and/or brute forcing weak passwords. One of the IPs used by the troll in question, not to mention the writing style, matches those used by a banned member who has long been engaged in alt right harassment against our community.

With all of that in mind we declined to engage the troll. What we did do is force the affected accounts to reset their passwords, and each of those individuals was contacted to inform them of what happened. We also updated our General Guide with recommendations on personal and account security.

Again, we have no reason to believe there has been a data breach, but both here and everywhere all members should take care to use strong passwords that are unique to each site.
 
Last edited by a moderator:

BDS

Banned
Oct 25, 2017
13,845
Luckily I use a password manager so no two sites have the same password. Everyone else should too.
 

uzipukki

Attempted to circumvent ban with alt account
Banned
Oct 25, 2017
5,722
This woman works for Colin Moriarty? Lol.
 

Mivey

Member
Oct 25, 2017
17,826
I expect Era admins are already informed about this, so it's a bit disappointing that they aren't the first to go public about it. I get avoiding panic, but in such a situation you should swallow your pride and get people to change their password, ASAP. Especially as a lot of people reuse it for lots of things.
 

Mgs2master2

One Winged Slayer
The Fallen
Oct 25, 2017
2,861
I would change it but take her word with a grain of salt. She isn't the most reliable source.
 
Response from the team

B-Dubs

That's some catch, that catch-22
On Break
Oct 25, 2017
32,773
Official Staff Communication
Let's clear this up: Our tech team investigated claims of a data breach and found no evidence of such on our end. We have no reason to believe our database has been compromised. What appears to have happened is that a determined troll gained access to a small number of accounts through known-leaked passwords (from breaches on other sites) and/or brute forcing weak passwords. One of the IPs used by the troll in question, not to mention the writing style, matches those used by a banned member who has long been engaged in alt right harassment against our community.

With all of that in mind we declined to engage the troll. What we did do is force the affected accounts to reset their passwords, and each of those individuals was contacted to inform them of what happened. We also updated our General Guide with recommendations on personal and account security.

Again, we have no reason to believe there has been a data breach, but both here and everywhere all members should take care to use strong passwords that are unique to each site.
 
Last edited by a moderator:
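The two patterns the staff statement names, reuse of known-leaked passwords and brute forcing of weak ones, leave different traces in login logs. As an added example (not ResetEra's or XenForo's code; the log format, thresholds and sample lines are constructed assumptions), this Python script separates them per source IP and lists the accounts that logged in successfully from a flagged IP, which are the ones a forced password reset would cover.

```python
from collections import defaultdict

# Constructed sample auth log (assumed format): "<time> <source IP> <username> <OK|FAIL>"
SAMPLE_LOG = """\
2018-01-01T10:00:01 203.0.113.7 alice FAIL
2018-01-01T10:00:02 203.0.113.7 bob FAIL
2018-01-01T10:00:03 203.0.113.7 carol OK
2018-01-01T10:00:04 203.0.113.7 dave FAIL
2018-01-01T10:00:05 203.0.113.7 erin FAIL
2018-01-01T10:05:01 198.51.100.9 frank FAIL
2018-01-01T10:05:02 198.51.100.9 frank FAIL
2018-01-01T10:05:03 198.51.100.9 frank FAIL
2018-01-01T10:05:04 198.51.100.9 frank FAIL
2018-01-01T10:05:05 198.51.100.9 frank FAIL
2018-01-01T10:05:06 198.51.100.9 frank OK
2018-01-01T10:09:00 192.0.2.44 grace FAIL
2018-01-01T10:09:20 192.0.2.44 grace OK
truncated line without a result
"""

def parse(log):
    """Yield (ip, user, success) tuples, skipping malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] not in ("OK", "FAIL"):
            continue
        yield parts[1], parts[2], parts[3] == "OK"

def analyze(log, min_users=4, min_tries=5):
    """Classify source IPs; the thresholds are illustrative, tune them per site."""
    events = list(parse(log))
    fails = defaultdict(lambda: defaultdict(int))  # ip -> user -> failed attempts
    for ip, user, ok in events:
        if not ok:
            fails[ip][user] += 1
    findings = {}
    for ip, per_user in fails.items():
        kinds = set()
        if len(per_user) >= min_users:            # many accounts, few tries each
            kinds.add("credential_stuffing")
        if max(per_user.values()) >= min_tries:   # many tries against one account
            kinds.add("brute_force")
        if kinds:
            findings[ip] = kinds
    # Any successful login from a flagged IP marks an account to force-reset.
    reset = sorted({u for ip, u, ok in events if ok and ip in findings})
    return findings, reset
```

A reused password can succeed on the first attempt (carol in the sample), so the per-IP view catches what a per-account failure counter would miss.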
Nov 14, 2017
4,928
If user passwords were leaked as the result of a breach, that would mean they aren't stored as hashes. So, either Era has literally no password security (doubtful?) or the passwords were just easy/common passwords that were easy to rainbow table.

Or, failing that, it's just users who used the same username / password elsewhere and Era wasn't even breached.
 

Gemüsepizza

Member
Oct 26, 2017
2,541
Sounds like bullshit. Passwords are usually stored as hashes, not in clear text. Normally, they can't be used to log into accounts (only if you used really weak passwords). And the Twitter user is a right-wing lunatic who recently wrote an article about a conspiracy that prevents conservative devs from getting into the industry.
 

SpottieO

Member
Oct 25, 2017
11,613
Claiming a data breach would be a super easy way to try and sow discord on a site that the alt-right dislikes.
 

sangreal

Banned
Oct 25, 2017
10,890
There is no way modern forum software like XenForo is storing passwords. Hashes maybe.
 
OP
Falchion

Member
Oct 25, 2017
40,944
Boise
Official Staff Communication

Let's clear this up:

Our tech team investigated claims of a data breach and found no evidence of such on our end. Our database has not been compromised. What appears to have happened is that a determined troll gained access to a small number of accounts through known-leaked passwords (from breaches on other sites) and/or brute forcing weak passwords. One of the IPs used by the troll in question, not to mention the writing style, matches those used by a banned member who has long been engaged in alt right harassment against our community.

With all of that in mind we declined to engage the troll. What we did do is force the affected accounts to reset their passwords, and each of those individuals was contacted to inform them of what happened. We also updated our General Guide with recommendations on personal and account security. Again, there was no data breach, but both here and everywhere all members should take care to use strong passwords that are unique to each site.

Good to know. Thanks for the update! I know staff are working diligently on it.
 

Daphne

Avenger
Oct 27, 2017
3,690
I changed my password anyway. Regardless of the situation, it's always a good idea to make regular changes.

I knew it wasn't a good idea to make it the same as my username anyway, so I used Stinkles' name instead. Yep, I'm smart!
 

Deleted member 21411

Account closed at user request
Banned
Oct 28, 2017
4,907
Kinda have my doubts personally just because of who it is. But if you all give me your private info including credit card information I can make sure no one will touch it
 

Primus

Member
Oct 25, 2017
3,836
Official Staff Communication
Let's clear this up: Our tech team investigated claims of a data breach and found no evidence of such on our end. We have no reason to believe our database has been compromised. What appears to have happened is that a determined troll gained access to a small number of accounts through known-leaked passwords (from breaches on other sites) and/or brute forcing weak passwords. One of the IPs used by the troll in question, not to mention the writing style, matches those used by a banned member who has long been engaged in alt right harassment against our community.

With all of that in mind we declined to engage the troll. What we did do is force the affected accounts to reset their passwords, and each of those individuals was contacted to inform them of what happened. We also updated our General Guide with recommendations on personal and account security.

Again, we have no reason to believe there has been a data breach, but both here and everywhere all members should take care to use strong passwords that are unique to each site.

Thanks for the quick update, B-Dubs.
 

Deleted member 11637

Oct 27, 2017
18,204
Changed mine just to be safe, better luck next time Hackerman!
 

WedgeX

Member
Oct 27, 2017
13,193
Official Staff Communication
Let's clear this up:

Our tech team investigated claims of a data breach and found no evidence of such on our end. Our database has not been compromised. What appears to have happened is that a determined troll gained access to a small number of accounts through known-leaked passwords (from breaches on other sites) and/or brute forcing weak passwords. One of the IPs used by the troll in question, not to mention the writing style, matches those used by a banned member who has long been engaged in alt right harassment against our community.

With all of that in mind we declined to engage the troll. What we did do is force the affected accounts to reset their passwords, and each of those individuals was contacted to inform them of what happened. We also updated our General Guide with recommendations on personal and account security. Again, there was no data breach, but both here and everywhere all members should take care to use strong passwords that are unique to each site.

Ah. Good to know.
 

Chessguy1

Member
Oct 25, 2017
3,803
If this is real, ResetEra is over.

As far as I know, no company has survived a data breach.

/s
 
Last edited:

Mivey

Member
Oct 25, 2017
17,826
Official Staff Communication
Let's clear this up: Our tech team investigated claims of a data breach and found no evidence of such on our end. We have no reason to believe our database has been compromised. What appears to have happened is that a determined troll gained access to a small number of accounts through known-leaked passwords (from breaches on other sites) and/or brute forcing weak passwords. One of the IPs used by the troll in question, not to mention the writing style, matches those used by a banned member who has long been engaged in alt right harassment against our community.

With all of that in mind we declined to engage the troll. What we did do is force the affected accounts to reset their passwords, and each of those individuals was contacted to inform them of what happened. We also updated our General Guide with recommendations on personal and account security.

Again, we have no reason to believe there has been a data breach, but both here and everywhere all members should take care to use strong passwords that are unique to each site.

Thanks for the fast response!
 