Universal Gaming

Last night, an attack was executed against the forum. At this time, I am aware of the following things having occurred:

• ShiraNoMai's account was compromised. Her username, password, email, and profile were changed. I am not currently aware of any other account being compromised in any way.
  
• The site rules and marketplace threads were defaced. These have been restored to their original versions.
  
• A singular announcement containing the same content as the aforementioned threads was made using Shira's account. That announcement has been deleted.
  
• Strangely, Maniakkid25's account was gifted a large number of UG Cards, of which I have removed.
  
• A singular PM was sent to Maniak's account from Shira's account. No other user was messaged.
  
• Shira's account subscribed to 57 threads, because the attacker apparently wanted to be notified of new reading material.
  

I have been spending my morning trying to locate any possible vulnerabilities in the board and dealing with them, and will continue to do so as and when I come across any others. Nothing I've done should have affected the usability of the board, but if anyone notices something not working like it did prior to today, let me know. Also, if there is anywhere else on the board affected by the attack that I have not yet come across and cleaned up, please let me know.

Considering no other user was compromised, at this time I do not have reason to believe that user data such as passwords were exposed. Despite that, I recommend anyone who feels uneasy to change their password on here, and on any other service that shared that same password.

It is likely the attack occurred due to a malicious script that was executed via a vulnerability. I do not know if the attack was specifically targeted for us, or if we just unfortunately entered the cross hairs of someone scouring the internet with ill intents.

I will try my best to prevent this happening again, and I apologize that everyone here has had to be exposed to this incident.

Yeah, Karo poked me on Discord about the cards added to my account, and I just changed my password just in case. *ponyshrug.jpg*

I also have not opened the PM I got, specifically worried it would execute something.

I would suggest just deleting the PM outright. If anyone wants to see it without the risk of blowing something up, here you go:

Just updated my password for the forum. Have no idea who the eff would wanna do this crap tbh.

(Aug 4th, 2021, 09:29 PM)queenzelda Wrote: [ -> ]Just updated my password for the forum. Have no idea who the eff would wanna do this crap tbh.

Hard to say, but the website being linked to has an About Us that says the following:

Quote:Quality above quantity. Community of people passionate about cyber security and information security. Teach, Learn and Challenge.

So I would assume it was a group who tries to expose security issues on websites, although I would've liked a less scorched earth approach to finding out.

Ah, Moony! That's rough, man.

I had actually been thinking about dropping by and see how things were going around here and it makes me sad to have been reminded of it by this BS.

Anyway, hope things get sorted out soon!

All the best,

~ Me

Nice to see you drop in again @Nightingale! As far as I know everything is good now.

Great to hear!

Lucky it wasn't a major attack of things being completely ruined and deleted. Fuck I would be in a rage fit if it was, mostly at myself for not being here when it was going on. Didn't see anything out of order when I returned Wed night so didn't look everywhere but yeah taught me a lesson. >.< Still kicking myself. Thank goodness it was a security check but quite an outlandish way to do it, but I suppose that's where their slogan of Teach, Learn and Challenge comes in.

Just to throw out some good news for everyone, Summer Meltdown will be starting within the next few days and with it will be the full update to the card system, which will include the ability for everyone to select their own cards for display at any time instead of requesting I set it for them.
The functionality for setting your own cards already works, but I need to go through and attach every single card people have earned to their accounts, which will take me a little bit of time to go through.

Excellent news! That's honestly why I hadn't bought new ones.

Glad to hear all is well now !

Of course, I changed my password as soon as I heard about the attack, just in case .