NATION

PASSWORD

Data leak

Bug reports, general help, ideas for improvements, and questions about how things are meant to work.
User avatar
[violet]
Site Admin
 
Posts: 14540
Founded: Antiquity

Data leak

Postby [violet] » Sun Mar 01, 2015 9:19 pm

Not a good day. Information here:

https://www.nationstates.net/page=news/ ... index.html

Please post any questions, or contact us privately.

Key points:
  • Only 0.08% of nations are affected
  • There is a tool here to check whether you are affected
  • If affected, your email address and password hash could have been downloaded by a third party, so you should change your password, both here and anywhere else you use that combination
  • Please contact us with any questions or concerns.
Last edited by [violet] on Mon Mar 02, 2015 4:14 am, edited 2 times in total.

User avatar
Reddogkeno101
Senator
 
Posts: 3908
Founded: Feb 03, 2013
Ex-Nation

Postby Reddogkeno101 » Sun Mar 01, 2015 9:22 pm

I just hope that most of these are puppets. Also, why would anyone want information from NS?
Russia,Imperialism, fascism, Religion, Speedo-clad politicians and North Korea
Team Reek, Centralised EU, Australia, NATO, Ukraine(Kiev Rus), Poland, China, Obama and Democrat led Murica
'Straya

This user deplores oxygen pirates, so oxygen pirates beware.

User avatar
Militcom
Bureaucrat
 
Posts: 49
Founded: Nov 10, 2013
Corrupt Dictatorship

Postby Militcom » Sun Mar 01, 2015 9:23 pm

Should we all change our passes again? How bad was the leak?

User avatar
Reploid Productions
Forum Admin
 
Posts: 26719
Founded: Antiquity
Democratic Socialists

Postby Reploid Productions » Sun Mar 01, 2015 9:24 pm

Reddogkeno101 wrote:I just hope that most of these are puppets. Also, why would anyone want information from NS?

It wasn't a case of someone breaking into NS to steal info, it's a case of "Something broke, potentially exposing private data to people who shouldn't be able to access that data."

Militcom wrote:Should we all change our passes again? How bad was the leak?

Please read the linked News post. If your nation was one of the ones affected, then yes, you should change your password just in case. The vast majority of players, however, were not affected.
Forum mod since May 8, 2003 -- Game mod since May 19, 2003
Reppy's DoGA FAQ - For those using DoGA to make their NS military and such
One Stop Rules Shop -- Reppy's Sig Workshop -- Getting Help Page
[violet] wrote:Maybe we could power our new search engine from the sexual tension between you two.
Ifreann wrote:Bring Reppy your signet rings, she is our Brony Queen now!

I believe in the magic of friendship, the wholly awesome bronydom, the conventions of fans,
the forgiveness of haters, the resurrection of faith in humanity, and love everlasting.

In nomine poni, et filly, et spiritus stable.
Char Aznable/Giant Meteor 2020! - Forcing humanity to move into space and progress whether we goddamn want to or not!

User avatar
Reddogkeno101
Senator
 
Posts: 3908
Founded: Feb 03, 2013
Ex-Nation

Postby Reddogkeno101 » Sun Mar 01, 2015 9:26 pm

Reploid Productions wrote:
Reddogkeno101 wrote:I just hope that most of these are puppets. Also, why would anyone want information from NS?

It wasn't a case of someone breaking into NS to steal info, it's a case of "Something broke, potentially exposing private data to people who shouldn't be able to access that data."

Militcom wrote:Should we all change our passes again? How bad was the leak?

Please read the linked News post. If your nation was one of the ones affected, then yes, you should change your password just in case. The vast majority of players, however, were not affected.

Yes, I do understand, but why would people take that data and how could they use it?
Russia,Imperialism, fascism, Religion, Speedo-clad politicians and North Korea
Team Reek, Centralised EU, Australia, NATO, Ukraine(Kiev Rus), Poland, China, Obama and Democrat led Murica
'Straya

This user deplores oxygen pirates, so oxygen pirates beware.

User avatar
The Corparation
Post Czar
 
Posts: 33938
Founded: Aug 31, 2009
Iron Fist Consumerists

Postby The Corparation » Sun Mar 01, 2015 9:27 pm

Glad that we're being told about this and that it seems to be under control, that said I have two questions:
1) How was the leak discovered?
2) Is there any indication that someone has tried to take advantage of the information released from the leak? (Although from what it looks like it, it doesn't seem that they could do much with it, even if they did.)
Last edited by The Corparation on Sun Mar 01, 2015 9:30 pm, edited 1 time in total.
Nuclear Death Machines Here (Both Flying and Orbiting)
Orbital Freedom Machine Here
A Subsidiary company of Nightkill Enterprises Inc.Weekly words of wisdom: Nothing is more important than waifus.- Gallia-
Making the Nightmare End 2020 WARNING: This post contains chemicals known to the State of CA to cause cancer and birth defects or other reproductive harm. - Prop 65, CA Health & Safety This Cell is intentionally blank.

User avatar
United Russian Soviet States
Minister
 
Posts: 3327
Founded: Jan 07, 2015
Ex-Nation

Postby United Russian Soviet States » Sun Mar 01, 2015 9:28 pm

Did it affect my old nation, Greater Weselton?
This nation does not represent my views.
I stand with Rand.
_[' ]_
(-_Q) If you support Capitalism put this in your Sig.
:Member of the United National Group:

User avatar
[violet]
Site Admin
 
Posts: 14540
Founded: Antiquity

Postby [violet] » Sun Mar 01, 2015 9:32 pm

The Corparation wrote:Glad that we're being told about this and that it seems to be under control, that said I have two questions:
1) How was the leak discovered?

A player reported it.

The Corparation wrote:2) Is there any indication that someone has tried to take advantage of the information released from the leak? (Although from what it looks like it, it doesn't seem that they could do much with it, even if they did.)

No, we're not aware that it has been used in any nefarious way.

User avatar
Divergia
Chargé d'Affaires
 
Posts: 473
Founded: Nov 18, 2012
Ex-Nation

Postby Divergia » Sun Mar 01, 2015 9:32 pm

United Russian Soviet States wrote:Did it affect my old nation, Greater Weselton?


Use the tool.

Another Note: How many other people thought this was for the April Fools Prank when they first saw it?
I wear teal, blue & pink for Swith.

XENOS AND A MEMBER OF THE MULTI-SPECIES UNION!

Please do not think that this nation represents any of our views, its quite the opposite actually

User avatar
Kemintiri of Kemet
Envoy
 
Posts: 241
Founded: Jan 24, 2015
Ex-Nation

Postby Kemintiri of Kemet » Sun Mar 01, 2015 9:33 pm

[...]their stored telegrams were also exposed (up to 20).

The Fappening: The Second Coming

Oh wait...
The great majority of these were recruitment messages.

Wait a minute...
The great majority of these were recruitment messages.


In all seriousness: This. Is. BAD. I hope NOBODY malicious has discovered these leaks...
Yo Mama|Elegy for Easter|Black of Knight|On Tagger's Fields|Raid Regions|A Thousand Days of Mourning In Honour Of My Fallen Loved One|Love-lies-bleeding|It Is Heartbreak
Կէմինտիրի Թեոդորա Շնեժ Մոնտրէսոր
Kemintiri T'yeodora Snez Montresor

100 Invader 63 Defender
Niece of Tim Stark, Escade and Solorni
Daughter of Severisen and Xoriet
Niece-by-marriage of Dalimbar
Granddaughter of Minineenee
Descendant of Astarial
Half-sister of Rirersyl
Sister of Ramaeus
Cousin of Knot

User avatar
[violet]
Site Admin
 
Posts: 14540
Founded: Antiquity

Postby [violet] » Sun Mar 01, 2015 9:34 pm

United Russian Soviet States wrote:Did it affect my old nation, Greater Weselton?

If you can revive it, that's the fastest way to check, because you can use the Data Leak Checker. If not, please lodge a Help Request and an admin will check it for you.

User avatar
The Corparation
Post Czar
 
Posts: 33938
Founded: Aug 31, 2009
Iron Fist Consumerists

Postby The Corparation » Sun Mar 01, 2015 9:35 pm

[violet] wrote:
The Corparation wrote:Glad that we're being told about this and that it seems to be under control, that said I have two questions:
1) How was the leak discovered?

A player reported it.

The Corparation wrote:2) Is there any indication that someone has tried to take advantage of the information released from the leak? (Although from what it looks like it, it doesn't seem that they could do much with it, even if they did.)

No, we're not aware that it has been used in any nefarious way.

Good to know, thanks for the prompt response.
Nuclear Death Machines Here (Both Flying and Orbiting)
Orbital Freedom Machine Here
A Subsidiary company of Nightkill Enterprises Inc.Weekly words of wisdom: Nothing is more important than waifus.- Gallia-
Making the Nightmare End 2020 WARNING: This post contains chemicals known to the State of CA to cause cancer and birth defects or other reproductive harm. - Prop 65, CA Health & Safety This Cell is intentionally blank.

User avatar
Kemintiri of Kemet
Envoy
 
Posts: 241
Founded: Jan 24, 2015
Ex-Nation

Postby Kemintiri of Kemet » Sun Mar 01, 2015 9:35 pm

Divergia wrote:
United Russian Soviet States wrote:Did it affect my old nation, Greater Weselton?


Use the tool.

Another Note: How many other people thought this was for the April Fools Prank when they first saw it?

I did. But then I realised it was March.
[violet] wrote:
United Russian Soviet States wrote:Did it affect my old nation, Greater Weselton?

If you can revive it, that's the fastest way to check, because you can use the Data Leak Checker. If not, please lodge a Help Request and an admin will check it for you.

DEATed. Only option to file GHR.
Yo Mama|Elegy for Easter|Black of Knight|On Tagger's Fields|Raid Regions|A Thousand Days of Mourning In Honour Of My Fallen Loved One|Love-lies-bleeding|It Is Heartbreak
Կէմինտիրի Թեոդորա Շնեժ Մոնտրէսոր
Kemintiri T'yeodora Snez Montresor

100 Invader 63 Defender
Niece of Tim Stark, Escade and Solorni
Daughter of Severisen and Xoriet
Niece-by-marriage of Dalimbar
Granddaughter of Minineenee
Descendant of Astarial
Half-sister of Rirersyl
Sister of Ramaeus
Cousin of Knot

User avatar
United Russian Soviet States
Minister
 
Posts: 3327
Founded: Jan 07, 2015
Ex-Nation

Postby United Russian Soviet States » Sun Mar 01, 2015 9:41 pm

Divergia wrote:
United Russian Soviet States wrote:Did it affect my old nation, Greater Weselton?


Use the tool.

Another Note: How many other people thought this was for the April Fools Prank when they first saw it?

I can only use the tool with my current nation.
This nation does not represent my views.
I stand with Rand.
_[' ]_
(-_Q) If you support Capitalism put this in your Sig.
:Member of the United National Group:

User avatar
[violet]
Site Admin
 
Posts: 14540
Founded: Antiquity

Postby [violet] » Sun Mar 01, 2015 9:53 pm

United Russian Soviet States wrote:I can only use the tool with my current nation.

This is correct, since for privacy reasons we don't want to offer an automated tool that lets anyone look up information on other people's nations. However, if you are unable to log into an old nation for any reason, please contact us and we will help you out.

User avatar
Unibot III
Negotiator
 
Posts: 5800
Founded: Mar 11, 2011
Inoffensive Centrist Democracy

Postby Unibot III » Sun Mar 01, 2015 10:06 pm

[violet] does the data leak checker consider there to be a difference between name@gmail.com and name+1@gmail.com? Thank you for your prompt response here. :)
Last edited by Unibot III on Sun Mar 01, 2015 10:07 pm, edited 1 time in total.
[violet] wrote:I mean this in the best possible way,
but Unibot is not a typical NS player.
Milograd wrote:You're a caring, resolute lunatic
with the best of intentions.
Org. Join Date: 25/05/2008 | Former Delegate of The Rejected Realms | Gameplay Alignment: -18 / -13
Unibotian Factbook // An Analysis of NationStates Generations // The Gameplay Alignment Test // NS Weather // How do I join the UDL? // The Transpacific Trade
Paradise Found // The Unibotian Life Expectancy Index // Proudly Authored 9 GA Res., 14 SC Res. // Commended by SC#78 // The Polysemes of Nativeness;

▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬
✯ Duty is Eternal, Justice is Imminent: UDL

User avatar
Jean Pierre Trudeau
Ambassador
 
Posts: 1158
Founded: Nov 20, 2013
Ex-Nation

Postby Jean Pierre Trudeau » Sun Mar 01, 2015 10:14 pm

Let me get this straight? A hard drive acts up and was replaced, and now data is leaked? I must ask, where did that hard drive go? Seeing as how email addresses, and ip addresses were leaked, has this incident been reported to the appropriate authorities? If not, I would highly suggest doing so, as this is a major violation of privacy laws within some countries.

Thank you for the prompt updates Violet.
Jean Pierre Trudeau
Chancellor, United Federation of Canada,
Premier, The North American Union
World Assembly Resolution Author

Socialism is NOT Communism.

User avatar
Alyakia
Post Marshal
 
Posts: 18414
Founded: Jul 12, 2011
Democratic Socialists

Postby Alyakia » Sun Mar 01, 2015 10:15 pm

[violet] wrote:A player reported it.


what a cool [guy/gal]

thank you [guy/gal]
pro: good
anti: bad

The UK and EU are Better Together

"Margaret Thatcher showed the world that women are not too soft or the weaker sex, and can be as heartless, horrible, and amoral as any male politician."

User avatar
[violet]
Site Admin
 
Posts: 14540
Founded: Antiquity

Postby [violet] » Sun Mar 01, 2015 10:17 pm

Unibot III wrote:[violet] does the data leak checker consider there to be a difference between name@gmail.com and name+1@gmail.com? Thank you for your prompt response here. :)

We are able to tell that name@gmail.com and name+1@gmail.com are the same address, so you don't need to worry about variations there. However, this only works for GMail: if there are other mail providers that offer tricks like that, we're not able to compensate for them, and we consider different-looking email addresses (ignoring capitalization) to be unique.

User avatar
Allancia
Negotiator
 
Posts: 6571
Founded: Jul 24, 2013
Inoffensive Centrist Democracy

Postby Allancia » Sun Mar 01, 2015 10:20 pm

I was wondering whether or not people with past nations might have been affected. I had some old nations, who are now defunct, in the past, but I think I am also asking for those who no longer are a part of Nationstates who could have had their information leaked and never know about it. Thanks for being so prompt about updating us [violet].
"One of the great things about books is sometimes there are some fantastic pictures."
-George Bush

User avatar
Zarvarza
Chargé d'Affaires
 
Posts: 354
Founded: Sep 19, 2010
Left-Leaning College State

Postby Zarvarza » Sun Mar 01, 2015 10:20 pm

Zarvarza was not part of the leak, nor was any email associated with it; however, 7 telegram(s) probably sent by you WERE INVOLVED, being held by a nation that was compromised. :(

This means there was no exposure of your personally identifiable information, but potentially these telegram(s) could have been read by a third party. Please contact the moderators for details.


That was the message I got. The message did not show up on another nation of mine (with the same IP, but different email). I would advise those to check their puppets if they use different emails and such (for raiding or defending and such.

User avatar
Torisakia
Post Marshal
 
Posts: 15030
Founded: Jun 04, 2011
Civil Rights Lovefest

Postby Torisakia » Sun Mar 01, 2015 10:22 pm

Good thing I have LifeLock(sponsor).

I'm surprised I wasn't affected, considering how much of my personal info I put on this site. I think that even if my info was leaked, no one would do anything with it. Who would want to be me?
Royal Alexandre Hockey Invitational II Champions, NS Sports' Unofficial Champions of Life™
Pro: truth
Anti: Uptight short sided narrow minded hypocrites, neurotic psychotic pigheaded politicians, short-haired yellow-bellied sons of Tricky Dick who try to mother-hubbard soft soap me with pockets full of hopes, tight-lipped condescending mama's little chauvinists, Schizophrenic egocentric paranoiac primadonnas
"Put on the armor of God so that you may stand the evil that is to come."

User avatar
Allancia
Negotiator
 
Posts: 6571
Founded: Jul 24, 2013
Inoffensive Centrist Democracy

Postby Allancia » Sun Mar 01, 2015 10:24 pm

Zarvarza wrote:
Zarvarza was not part of the leak, nor was any email associated with it; however, 7 telegram(s) probably sent by you WERE INVOLVED, being held by a nation that was compromised. :(

This means there was no exposure of your personally identifiable information, but potentially these telegram(s) could have been read by a third party. Please contact the moderators for details.


That was the message I got. The message did not show up on another nation of mine (with the same IP, but different email). I would advise those to check their puppets if they use different emails and such (for raiding or defending and such.


I'm so sorry. If you need help from anyone, we're here for you.
"One of the great things about books is sometimes there are some fantastic pictures."
-George Bush

User avatar
Hobbesistan
Minister
 
Posts: 2468
Founded: Jul 01, 2013
Inoffensive Centrist Democracy

Postby Hobbesistan » Sun Mar 01, 2015 10:27 pm

Torisakia wrote:Good thing I have LifeLock(sponsor).

I'm surprised I wasn't affected, considering how much of my personal info I put on this site. I think that even if my info was leaked, no one would do anything with it. Who would want to be me?


You'd be surprised, lots of people wanting other peoples information on the internet for various reasons.

It's really down to how much your into stuff though, I doubt the average NSer will have much interest to hackers.

I do some security work on the side so I get hit a lot (someone got into my Skype a month or so ago, for example), because hacking the security guy shows how badass you are or something in script kiddy language. People have also tried to 'dox' me a few times, though mostly this is reading information back from the WHOIS on a domain I own and acting like they actually acquired it. Overall though, (to those affected) you know more then any of us as to if anyone wants to know anything about you or not.
Last edited by Hobbesistan on Sun Mar 01, 2015 10:30 pm, edited 2 times in total.
Hobbes
ra, ra rasputin

Maintainer of the Nationstates FAQ and Deletiger (Ret.) of The East Pacific
russia's greatest

Hobbes is always winning, like Charlie Sheen. - Jurisdictions
love machine

Stop right there (hobbes), your rational thought and intellect will destroy the internet. - Sovreignry
it was a shame how

Giraffes think Hobbes regret a lot. A lot of giraffes do. - Rachel
he carried on.

User avatar
Reploid Productions
Forum Admin
 
Posts: 26719
Founded: Antiquity
Democratic Socialists

Postby Reploid Productions » Sun Mar 01, 2015 10:30 pm

Torisakia wrote:Good thing I have LifeLock(sponsor).

I'm surprised I wasn't affected, considering how much of my personal info I put on this site. I think that even if my info was leaked, no one would do anything with it. Who would want to be me?

There's not a lot that someone could do if they did get the leaked data, really. But in a worst-case scenario, it could cause problems.

For example:
-Player A uses the same password for their NS account and the email account they put on their NS nation. BadGuy gets the password hash, and because Player A uses a weak password, BadGuy is able to crack it and get into Player A's email account where any number of shenanigans can then ensue.
Or:
-Player B uses the same password/email combination on their NS account that they do on their banking website. BadGuy gets the password hash and given sufficient time manages to crack it and use it to get into the banking website account.

Scenarios like that aren't likely, granted, but it's still better that folks are aware. Also, the moral of the story: Don't use the same password you use for NS for anything important like yer banking stuff!
Forum mod since May 8, 2003 -- Game mod since May 19, 2003
Reppy's DoGA FAQ - For those using DoGA to make their NS military and such
One Stop Rules Shop -- Reppy's Sig Workshop -- Getting Help Page
[violet] wrote:Maybe we could power our new search engine from the sexual tension between you two.
Ifreann wrote:Bring Reppy your signet rings, she is our Brony Queen now!

I believe in the magic of friendship, the wholly awesome bronydom, the conventions of fans,
the forgiveness of haters, the resurrection of faith in humanity, and love everlasting.

In nomine poni, et filly, et spiritus stable.
Char Aznable/Giant Meteor 2020! - Forcing humanity to move into space and progress whether we goddamn want to or not!

Next

Advertisement

Remove ads

Return to Technical

Who is online

Users browsing this forum: Mingulay Isle

Advertisement

Remove ads