NationStates

Alexanda wrote:For security reasons, I have deleted my E-Mail from the settings page, and resigned from the World Assembly. Does that ensure that, if my nation is involved in a future leak and information is released, my E-Mail shan't be made public?

Not completely, no. Your old email address will almost certainly still be stored somewhere, such as in backups, logfiles, and a 'prior emails' utility we use for nation recovery (and in the Data Leak Checker tool, to tell you whether an older nation of yours might have been affected). If you are concerned about this, please contact us. Which I see you've done, so I'll discuss it with you further privately there.

How will the data leak affect the victim nations? I was fortunately not affected.

Also I estimated that if only 0.08% of the world was affected, then the leak affected 10 nations (but you probably already knew that).

Xmara wrote:How will the data leak affect the victim nations? I was fortunately not affected.

Also I estimated that if only 0.08% of the world was affected, then the leak affected 10 nations (but you probably already knew that).

Except this leak affected 0.08% of all nations created in the history of ever.

Xmara wrote:How will the data leak affect the victim nations? I was fortunately not affected.

Also I estimated that if only 0.08% of the world was affected, then the leak affected 10 nations (but you probably already knew that).

It seems as though it affected CTEs as well. A puppet of mine that had been dead for over two years was affected by the leak.

Xmara wrote:How will the data leak affect the victim nations? I was fortunately not affected.

Also I estimated that if only 0.08% of the world was affected, then the leak affected 10 nations (but you probably already knew that).

About 10 live nations (actually 17), but also a little over three thousand ex-nations. Details are in the News post.

If affected, the primary problem is that password hashes were exposed, which means that potentially an unknown person could have downloaded the file, viewed it, set to work cracking the password hashes, and, if successful, could then revive the nations and take control of them. For those that had email addresses set, the larger concern is probably that the same combination of email address and password might have been used by the player on other, more important sites, like their email host or bank. Which is bad practice and why you shouldn't do that. But what internet bad guys do is look for email/password combinations and try them on other sites, hoping the user might have used them there, too.

So it attacked dead nations too?

I had a nation on here about 3 years ago (Tiggerland) that ceased to exist and I never recovered it. How do I know if it was affected?

Xmara wrote:So it attacked dead nations too?

I had a nation on here about 3 years ago (Tiggerland) that ceased to exist and I never recovered it. How do I know if it was affected?

Drop us a line asking about the nation name via the Getting Help page, and we can check for you.

Xmara wrote:So it attacked dead nations too?

I had a nation on here about 3 years ago (Tiggerland) that ceased to exist and I never recovered it. How do I know if it was affected?

You can revive nations very easily. Just type in its name, and put in its old password.

...except I lost the password. That's why it died in the first place.

I use LastPass, a very good service that holds all of your passwords. You can randomly generate passwords as well, and LP is a very safe program in my eyes and as well in others. Lifehacker released an article stating why it's safe and discussing the common question people think of when thinking about using LP, 'What if Lastpass gets hacked?' I am sure there are many other articles on the internet as well supporting all of this.

Lastpass: https://lastpass.com/
Lifehacker's Article: http://lifehacker.com/is-lastpass-secure-what-happens-if-it-gets-hacked-1555511389

Sad-States wrote:I use LastPass, a very good service that holds all of your passwords. You can randomly generate passwords as well, and LP is a very safe program in my eyes and as well in others. Lifehacker released an article stating why it's safe and discussing the common question people think of when thinking about using LP, 'What if Lastpass gets hacked?' I am sure there are many other articles on the internet as well supporting all of this.

Lastpass: https://lastpass.com/
Lifehacker's Article: http://lifehacker.com/is-lastpass-secure-what-happens-if-it-gets-hacked-1555511389

I used DoNotTrackMe and MaskMe, but apparently these became an extension called "Blur" that I don't yet understand.

MaskMe is still functional here. It's responsible for this service.

Point is, they it generated disguised email addresses that allowed content to be directly sent to my inbox, but didn't actually reveal my identity. (i.e. my true email address.)

ow
wowwww

I'll be honest, I thought the news bit was a hacker trying to get our accounts. Glad to see I was just being paranoid.

Deian salazar wrote:So is this thread going to be a permanent data leak thread or will this be deleted soon?
Just wondering, thanks!

This will eventually be removed from the top of the forums. It won't be deleted. Maybe moved around a bit, or slowly sink to the bottom of the Technical forum.

Changing thread from a Global Announcement to a regular topic. It's linked from the News post.

Hi, I filed a GHR about a concern I had concerning the leak. It's been over 24 hours now with no response. I realize that you all are busy, and that you have lives outside of NS, and I certainly don't want to sound impatient or ungrateful for all that you do. I appreciate how transparent and diligent you all have been through this fiasco, and I would just like to confirm that my GHR has been received and will be addressed sometime fairly soon. Thank you.

Idzequitch wrote:Hi, I filed a GHR about a concern I had concerning the leak. It's been over 24 hours now with no response. I realize that you all are busy, and that you have lives outside of NS, and I certainly don't want to sound impatient or ungrateful for all that you do. I appreciate how transparent and diligent you all have been through this fiasco, and I would just like to confirm that my GHR has been received and will be addressed sometime fairly soon. Thank you.

No, I don't have a GHR from you. Can you submit again? We have been keeping up with all inquiries.

[violet] wrote:

Idzequitch wrote:Hi, I filed a GHR about a concern I had concerning the leak. It's been over 24 hours now with no response. I realize that you all are busy, and that you have lives outside of NS, and I certainly don't want to sound impatient or ungrateful for all that you do. I appreciate how transparent and diligent you all have been through this fiasco, and I would just like to confirm that my GHR has been received and will be addressed sometime fairly soon. Thank you.

No, I don't have a GHR from you. Can you submit again? We have been keeping up with all inquiries.

Done.

Idzequitch wrote:

[violet] wrote:No, I don't have a GHR from you. Can you submit again? We have been keeping up with all inquiries.

Done.

Was my GHR received this time?

Idzequitch wrote:Was my GHR received this time?

I've replied to you via TG, yes. No nations you mentioned were affected.

I've noticed the dates in question are absent from the Archives - is there any plan to restore uncorrupted versions of the files in question to the archives?

If you don't have the files on hand, they're all available for download here (one of Afforess' things, I think). As far as I can tell, the files on there were collected from the initial, proper, public releases.

I mean it's not a huge thing in the grand scheme

Yep, thanks.

No, Thank you

Thanks for the notice, would've been much easier to just not mention it but the right thing was done and prudently so. Fortunately Tres wasn't affected.

Nowhere have I seen an information leak handled as openly and as well as here in NS. The users were informed, the nature and amount of leaked information was clearly stated and the technical aspects were openly given.

After reading this news I still fully trust NS. I hope others will do the same. Thank you for excellent handling of this incident!