| Author |
IMPORTANT NOTIFICATION CONCERNING YOUR DARKSPACE ACCOUNT |
Pantheon
Marshal
Palestar
Joined: May 29, 2001
Posts: 1789
|  Posted: 2012-08-19 13:57
We recently discovered that an unauthorised intruder gained access to one of our development servers. We're unsure of whether our database has been breached or not, but as a precaution we have emailed all users and reset passwords.
The database in question holds account names, passwords, user information relating to the game, and email addresses.
Due to the fact that all of our billing is done off-site by Paypal, no credit card information was accessed or compromised.
We have already taken action to seal the breach, and have discontinued all user uploads to the website for the forseeable future.
Should you have any other online accounts that share a password with your DarkSpace account, please take steps to change the password immediately.
We apologise for any inconvenience this may have caused you. If you have further questions, please email support@palestar.com
[ This Message was edited by: Pantheon on 2012-08-19 16:43 ]
_________________
|
Mr Black
Grand Admiral
Palestar
Joined: September 20, 2003
Posts: 486
From: Gaifenland
| Posted: 2012-08-19 18:40
As a general tip:
If you were using the same email/password as your DarkSpace Account on any other non-Palestar service, you should change those too as a safety precaution.
_________________
 \\r\\n
DarkSpace Administrator - \\r\\n
drafell@palestar.com
|
apate
Fleet Admiral
Joined: March 21, 2010
Posts: 205
| Posted: 2012-08-19 20:58
So wait, are our passwords stored in a reversible form, instead of a salted hash? That would be rather worrying.
_________________
|
JBud
Marshal
Joined: February 26, 2008
Posts: 1900
From: Behind you.
| Posted: 2012-08-19 20:59
Quote:
|
On 2012-08-19 20:58, Athenian General wrote:
So wait, are our passwords stored in a reversible form, instead of a salted hash? That would be rather worrying.
|
|
I have to agree with this, but hey, it is a very old version of phpbb.
_________________
[-Point Jumper-][-Privateer Elite-][-Summus Dux-][-Praeclarae-]
[img(RIP MY SIGNATURE DELETED AFTER 7 YEARS/img]
''Insisto Rector - Suivez le Guide - Tempus hostium est''
|
Pantheon
Marshal
Palestar
Joined: May 29, 2001
Posts: 1789
| Posted: 2012-08-19 21:27
We're not sure if the user had access to the database or not, or even if they managed to pull any data if they did, but it'd be foolish not to reset passwords regardless of any form of encryption used.
It might be the case that the only two people compromised where Faustus and myself, as those are the only accounts that were used to attempt login on our development machines. However, it'd be extremely foolish not to take precautions. We're treating this as a worst case scenario, but the reality is that it probably isn't anywhere near that bad.
[ This Message was edited by: Pantheon on 2012-08-19 21:31 ]
_________________
|
NinjaGinga
Captain
Joined: December 02, 2005
Posts: 29
| Posted: 2012-08-19 22:49
Good precaution to take resetting the passwords, hopefully you can help me with a problem i'm having as a result. My main account "Riley!" is registered to an email address that I can't remember so I can not reset the password. I'm not sure what to do... I've tried every email that I actively use and no luck.
_________________
|
Faustus
Marshal
Palestar
Joined: May 29, 2001
Posts: 2748
From: Austin, Texas
| Posted: 2012-08-19 22:56
Quote:
|
On 2012-08-19 22:49, NinjaGinga wrote:
Good precaution to take resetting the passwords, hopefully you can help me with a problem i'm having as a result. My main account "Riley!" is registered to an email address that I can't remember so I can not reset the password. I'm not sure what to do... I've tried every email that I actively use and no luck.
|
|
Submit a support Ticket, we will get you fixed up.
_________________
|
NinjaGinga
Captain
Joined: December 02, 2005
Posts: 29
| Posted: 2012-08-19 23:05
Thank you F
_________________
|
GunsOfHonor
Fleet Admiral
Joined: July 31, 2011
Posts: 191
| Posted: 2012-08-20 00:15
OMG.....i was scared i thought someone deleted my account i was bout to cry thank you fautus and all you devs
[ This Message was edited by: Curiosity on 2012-08-20 00:23 ]
_________________
|
Entil-Zha the Starkiller
Chief Marshal
Ravenous Wolfpack Clan
Joined: May 02, 2005
Posts: 261
From: Arizona - Where DST is a myth
| Posted: 2012-08-20 01:03
For the record...
This post's title reminds me all too much of the email spam I get "regarding my account" that supposedly is with some random bank in Canada or Ireland (I'm sure there are more) that I never heard of, that if no action is taken it will be frozen or some such.
Also, turned out that Battle.net got hit also. I dont play on there much anymore but good thing I added an authenticator to my account there.
_________________
\"Oh you could do that. And I could nail your head to the table, set fire to it,
and feed the charred remains to the Pak'ma'ra.\" - Capt. John Sheridan
|
Admiral Valeor Tackle
Admiral
Joined: February 26, 2012
Posts: 106
| Posted: 2012-08-20 06:22
Unbelievable. He could hack our account. Thanks for the warning ds team
_________________
Pleasse do not cry
|
Nimitz
Fleet Admiral
Courageous Elite Commandos
Joined: April 19, 2005
Posts: 141
From: Melbourne, Australia
| Posted: 2012-08-20 09:29
Thanks for letting us know guys. Appreciate the immediate action.
Hopefully you also no longer use the same password for prod, dev and home systems 
_________________
\"Programming today is a race between software engineers striving to build bigger and better idiot proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning.\" -- Rich Cook
|
Pantheon
Marshal
Palestar
Joined: May 29, 2001
Posts: 1789
| Posted: 2012-08-20 09:58
Quote:
|
On 2012-08-20 09:29, Nimitz wrote:
Thanks for letting us know guys. Appreciate the immediate action.
Hopefully you also no longer use the same password for prod, dev and home systems
|
|
I didn't, which is why they were unsuccessful with mine.
_________________
|
Faustus
Marshal
Palestar
Joined: May 29, 2001
Posts: 2748
From: Austin, Texas
| Posted: 2012-08-20 10:55
Quote:
|
On 2012-08-20 09:58, Pantheon wrote:
Quote:
|
On 2012-08-20 09:29, Nimitz wrote:
Thanks for letting us know guys. Appreciate the immediate action.
Hopefully you also no longer use the same password for prod, dev and home systems
|
|
I didn't, which is why they were unsuccessful with mine.
|
|
I've learned my lesson as well now, I'm using different passwords for everything now.
_________________
|
Kenny_Naboo
Marshal
Pitch Black
Joined: January 11, 2010
Posts: 3823
From: LobsterTown
| Posted: 2012-08-20 11:00
Quote:
|
On 2012-08-20 10:55, Faustus wrote:
Quote:
|
On 2012-08-20 09:58, Pantheon wrote:
Quote:
|
On 2012-08-20 09:29, Nimitz wrote:
Thanks for letting us know guys. Appreciate the immediate action.
Hopefully you also no longer use the same password for prod, dev and home systems
|
|
I didn't, which is why they were unsuccessful with mine.
|
|
I've learned my lesson as well now, I'm using different passwords for everything now.
|
|
I did that once. I couldn't remember them all.
So unfortunately I use mostly the same for all. 
_________________
... in space, no one can hear you scream.....
|
English
Deutsch
Nederlands
)
