Data leak

[[violet]]

Not a good day. Information here:

https://www.nationstates.net/page=news/ ... index.html

Please post any questions, or contact us privately.

Key points:

• Only 0.08% of nations are affected
• There is a tool here to check whether you are affected
• If affected, your email address and password hash could have been downloaded by a third party, so you should change your password, both here and anywhere else you use that combination
• Please contact us with any questions or concerns.

[Reddogkeno101]

I just hope that most of these are puppets. Also, why would anyone want information from NS?

[Militcom]

Should we all change our passes again? How bad was the leak?

[Reploid Productions]

I just hope that most of these are puppets. Also, why would anyone want information from NS?

It wasn't a case of someone breaking into NS to steal info, it's a case of "Something broke, potentially exposing private data to people who shouldn't be able to access that data."

Should we all change our passes again? How bad was the leak?

Please read the linked News post. If your nation was one of the ones affected, then yes, you should change your password just in case. The vast majority of players, however, were not affected.

[Reddogkeno101]

I just hope that most of these are puppets. Also, why would anyone want information from NS?

It wasn't a case of someone breaking into NS to steal info, it's a case of "Something broke, potentially exposing private data to people who shouldn't be able to access that data."

Should we all change our passes again? How bad was the leak?

Please read the linked News post. If your nation was one of the ones affected, then yes, you should change your password just in case. The vast majority of players, however, were not affected.

Yes, I do understand, but why would people take that data and how could they use it?

[The Corparation]

Glad that we're being told about this and that it seems to be under control, that said I have two questions:
1) How was the leak discovered?
2) Is there any indication that someone has tried to take advantage of the information released from the leak? (Although from what it looks like it, it doesn't seem that they could do much with it, even if they did.)

[United Russian Soviet States]

Did it affect my old nation, Greater Weselton?

[[violet]]

Glad that we're being told about this and that it seems to be under control, that said I have two questions:
1) How was the leak discovered?

A player reported it.

2) Is there any indication that someone has tried to take advantage of the information released from the leak? (Although from what it looks like it, it doesn't seem that they could do much with it, even if they did.)

No, we're not aware that it has been used in any nefarious way.

[Divergia]

Did it affect my old nation, Greater Weselton?

Use the tool.

Another Note: How many other people thought this was for the April Fools Prank when they first saw it?

[Kemintiri of Kemet]

[...]their stored telegrams were also exposed (up to 20).

The Fappening: The Second Coming

Oh wait...

The great majority of these were recruitment messages.

Wait a minute...

The great majority of these were recruitment messages.

---

---

In all seriousness: This. Is. BAD. I hope NOBODY malicious has discovered these leaks...

[[violet]]

Did it affect my old nation, Greater Weselton?

If you can revive it, that's the fastest way to check, because you can use the Data Leak Checker. If not, please lodge a Help Request and an admin will check it for you.

[The Corparation]

Glad that we're being told about this and that it seems to be under control, that said I have two questions:
1) How was the leak discovered?

A player reported it.

2) Is there any indication that someone has tried to take advantage of the information released from the leak? (Although from what it looks like it, it doesn't seem that they could do much with it, even if they did.)

No, we're not aware that it has been used in any nefarious way.

Good to know, thanks for the prompt response.

[Kemintiri of Kemet]

Did it affect my old nation, Greater Weselton?

Use the tool.

Another Note: How many other people thought this was for the April Fools Prank when they first saw it?

I did. But then I realised it was March.

Did it affect my old nation, Greater Weselton?

If you can revive it, that's the fastest way to check, because you can use the Data Leak Checker. If not, please lodge a Help Request and an admin will check it for you.

DEATed. Only option to file GHR.

[United Russian Soviet States]

Did it affect my old nation, Greater Weselton?

Use the tool.

Another Note: How many other people thought this was for the April Fools Prank when they first saw it?

I can only use the tool with my current nation.

[[violet]]

I can only use the tool with my current nation.

This is correct, since for privacy reasons we don't want to offer an automated tool that lets anyone look up information on other people's nations. However, if you are unable to log into an old nation for any reason, please contact us and we will help you out.

[Unibot III]

[violet] does the data leak checker consider there to be a difference between name@gmail.com and name+1@gmail.com? Thank you for your prompt response here.

[Jean Pierre Trudeau]

Let me get this straight? A hard drive acts up and was replaced, and now data is leaked? I must ask, where did that hard drive go? Seeing as how email addresses, and ip addresses were leaked, has this incident been reported to the appropriate authorities? If not, I would highly suggest doing so, as this is a major violation of privacy laws within some countries.

Thank you for the prompt updates Violet.

[Alyakia]

A player reported it.

what a cool [guy/gal]

thank you [guy/gal]

[[violet]]

[violet] does the data leak checker consider there to be a difference between name@gmail.com and name+1@gmail.com? Thank you for your prompt response here.

We are able to tell that name@gmail.com and name+1@gmail.com are the same address, so you don't need to worry about variations there. However, this only works for GMail: if there are other mail providers that offer tricks like that, we're not able to compensate for them, and we consider different-looking email addresses (ignoring capitalization) to be unique.

[Allancia]

I was wondering whether or not people with past nations might have been affected. I had some old nations, who are now defunct, in the past, but I think I am also asking for those who no longer are a part of Nationstates who could have had their information leaked and never know about it. Thanks for being so prompt about updating us [violet].

[Zarvarza]

Zarvarza was not part of the leak, nor was any email associated with it; however, 7 telegram(s) probably sent by you WERE INVOLVED, being held by a nation that was compromised.

This means there was no exposure of your personally identifiable information, but potentially these telegram(s) could have been read by a third party. Please contact the moderators for details.

That was the message I got. The message did not show up on another nation of mine (with the same IP, but different email). I would advise those to check their puppets if they use different emails and such (for raiding or defending and such.

[Torisakia]

Good thing I have LifeLock(sponsor).

I'm surprised I wasn't affected, considering how much of my personal info I put on this site. I think that even if my info was leaked, no one would do anything with it. Who would want to be me?

[Allancia]

Zarvarza was not part of the leak, nor was any email associated with it; however, 7 telegram(s) probably sent by you WERE INVOLVED, being held by a nation that was compromised.

This means there was no exposure of your personally identifiable information, but potentially these telegram(s) could have been read by a third party. Please contact the moderators for details.

That was the message I got. The message did not show up on another nation of mine (with the same IP, but different email). I would advise those to check their puppets if they use different emails and such (for raiding or defending and such.

I'm so sorry. If you need help from anyone, we're here for you.

[Hobbesistan]

Good thing I have LifeLock(sponsor).

I'm surprised I wasn't affected, considering how much of my personal info I put on this site. I think that even if my info was leaked, no one would do anything with it. Who would want to be me?

You'd be surprised, lots of people wanting other peoples information on the internet for various reasons.

It's really down to how much your into stuff though, I doubt the average NSer will have much interest to hackers.

I do some security work on the side so I get hit a lot (someone got into my Skype a month or so ago, for example), because hacking the security guy shows how badass you are or something in script kiddy language. People have also tried to 'dox' me a few times, though mostly this is reading information back from the WHOIS on a domain I own and acting like they actually acquired it. Overall though, (to those affected) you know more then any of us as to if anyone wants to know anything about you or not.

[Reploid Productions]

Good thing I have LifeLock(sponsor).

I'm surprised I wasn't affected, considering how much of my personal info I put on this site. I think that even if my info was leaked, no one would do anything with it. Who would want to be me?

There's not a lot that someone could do if they did get the leaked data, really. But in a worst-case scenario, it could cause problems.

For example:
-Player A uses the same password for their NS account and the email account they put on their NS nation. BadGuy gets the password hash, and because Player A uses a weak password, BadGuy is able to crack it and get into Player A's email account where any number of shenanigans can then ensue.
Or:
-Player B uses the same password/email combination on their NS account that they do on their banking website. BadGuy gets the password hash and given sufficient time manages to crack it and use it to get into the banking website account.

Scenarios like that aren't likely, granted, but it's still better that folks are aware. Also, the moral of the story: Don't use the same password you use for NS for anything important like yer banking stuff!