Hello,
Last night I was made aware of an issue in which a large number of people had been banned by an individual who had obtained the GFLBans tokens for Hide and Seek and Rotation. We determined that a staff member's Pterodactyl account was compromised by the individual due to reused passwords, which they used to obtain the GFLBans tokens and vandalize the servers they had access to. We responded by deactivating the tokens and revoking the compromised staff member's panel account. As some servers were rendered inoperable, we are currently working on restoring backups and will have them up as soon as possible.
With the access the individual had, it is possible they would've been able to access the following potentially sensitive items:
- User Steam account IDs and associated IP addresses of users who had connected to the affected servers.
- In-game chat logs.
That said, based on the logs our system collects to monitor staff member activity on the panel, we have no evidence that the user attempted to access any of this information. In fact, the activity logs suggest that the log files containing this information were deleted without being read by the individual during their wider effort to vandalize system resources. As such, we do not expect that any PII has actually been exposed, but we publish this notice out of an abundance of caution.
We don't believe it is necessary for users to take any action at this time, but as always we caution against reusing passwords and recommend that everybody, players and staff members alike, utilize a password manager to aid in maintaining secure and unique passwords for all of the websites you use.