Security Incident 2/10/24 - 2/11/24

annoying furry

    Hello,

    Last night I was made aware of an issue in which a large number of people had been banned by an individual who had obtained the GFLBans tokens for Hide and Seek and Rotation. We determined that a staff member's Pterodactyl account was compromised by the individual due to reused passwords, which they used to obtain the GFLBans tokens and vandalize the servers they had access to. We responded by deactivating the tokens and revoking the compromised staff member's panel account. As some servers were rendered inoperable, we are currently working on restoring backups and will have them up as soon as possible.

    With the access the individual had, it is possible they would've been able to access the following potentially sensitive items:

    • User Steam account IDs and associated IP addresses of users who had connected to the affected servers.
    • In-game chat logs.

    That said, based on the logs our system collects to monitor staff member activity on the panel, we have no evidence that the user attempted to access any of this information. In fact, the activity logs suggest that the log files containing this information were deleted without being read by the individual during their wider effort to vandalize system resources. As such, we do not expect that any PII has actually been exposed but we publish this notice out of an abundance of caution.

    We don't believe it is necessary for users to take any action at this time, but as always we caution against reusing passwords and recommend that everybody, players and staff members alike, utilize a password manager to aid in maintaining secure and unique passwords for all of the websites you use.
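The notice reasons from panel activity logs: which staff account acted, from which address, which files it read and which it deleted, and whether any file holding player data was read before it was deleted. The script below is an added illustration of that triage; it is not code from GFL or from the Pterodactyl project. The JSON-lines log format, the event names, the account name, the IP addresses and the file paths are all constructed assumptions for the example and do not reflect the real panel's schema.

```python
"""Triage one staff account's panel activity after a suspected credential compromise.

Added example for this incident notice. The log layout, event names, paths and
addresses are constructed assumptions, not the panel's real schema.
"""
import json
from datetime import datetime, timezone

# Constructed sample activity log, one JSON object per line. The last two lines
# are ordinary activity from the day before the incident from the staff
# member's usual address; the rest is the incident window from a new address.
SAMPLE_LOG = """\
{"ts":"2024-02-10T21:02:11Z","user":"staff_a","ip":"203.0.113.7","event":"auth:success","target":""}
{"ts":"2024-02-10T21:03:40Z","user":"staff_a","ip":"203.0.113.7","event":"server:file.read","target":"hns/cfg/gflbans.cfg"}
{"ts":"2024-02-10T21:03:55Z","user":"staff_a","ip":"203.0.113.7","event":"server:file.read","target":"rotation/cfg/gflbans.cfg"}
{"ts":"2024-02-10T21:10:02Z","user":"staff_a","ip":"203.0.113.7","event":"server:file.delete","target":"hns/logs/connections.log"}
{"ts":"2024-02-10T21:10:03Z","user":"staff_a","ip":"203.0.113.7","event":"server:file.delete","target":"hns/logs/chat.log"}
{"ts":"2024-02-10T21:10:05Z","user":"staff_a","ip":"203.0.113.7","event":"server:file.delete","target":"hns/cfg/gflbans.cfg"}
{"ts":"2024-02-09T18:30:00Z","user":"staff_a","ip":"198.51.100.4","event":"auth:success","target":""}
{"ts":"2024-02-09T18:31:00Z","user":"staff_a","ip":"198.51.100.4","event":"server:file.read","target":"hns/logs/chat.log"}
"""

# Constructed incident window: from the first login off the new address until
# the token was revoked and the account disabled.
START = datetime(2024, 2, 10, 21, 0, tzinfo=timezone.utc)
END = datetime(2024, 2, 11, 0, 0, tzinfo=timezone.utc)


def parse_log(text):
    """Parse JSON-lines events and return them ordered by timestamp (UTC)."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        event = json.loads(line)
        event["ts"] = datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append(event)
    return sorted(events, key=lambda e: e["ts"])


def triage(events, user, start, end):
    """Summarise what `user` did inside [start, end].

    Scoping by window matters: a legitimate read of chat.log the day before
    must not be mistaken for exposure during the compromise.
    """
    window = [e for e in events if e["user"] == user and start <= e["ts"] <= end]
    baseline_ips = {e["ip"] for e in events if e["user"] == user and e["ts"] < start}

    first_read = {}   # path -> time of first read inside the window
    deleted_at = {}   # path -> time of deletion inside the window
    for e in window:
        if e["event"] == "server:file.read":
            first_read.setdefault(e["target"], e["ts"])
        elif e["event"] == "server:file.delete":
            deleted_at[e["target"]] = e["ts"]

    # A deleted file counts as exposed only if it was read before it was deleted.
    read_before_delete = sorted(
        p for p, t in deleted_at.items() if p in first_read and first_read[p] < t
    )
    deleted_unread = sorted(p for p in deleted_at if p not in read_before_delete)

    return {
        "new_ips": sorted({e["ip"] for e in window} - baseline_ips),
        "read": sorted(first_read),
        "deleted": sorted(deleted_at),
        "read_before_delete": read_before_delete,
        "deleted_unread": deleted_unread,
    }


def triage_incident():
    """Run the triage over the constructed sample for the constructed window."""
    return triage(parse_log(SAMPLE_LOG), "staff_a", START, END)


if __name__ == "__main__":
    print(json.dumps(triage_incident(), indent=2))
```

On the constructed sample the result mirrors the notice's reasoning: the two server config files holding the tokens were read (and so must be treated as disclosed and rotated), while the connection and chat logs were deleted without a read inside the window, and the only new address is the one the session came from.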


    User Feedback

    Recommended Comments

    17 minutes ago, nathan22211 said:

I'd advise using Bitwarden and a 2FA app like Google Auth where possible. Bitwarden does have a 2FA option, but you need to pay for it unless you self-host it.

If you want something simpler, you can use something like KeePassXC since it's a purely offline program (which could be a benefit or drawback depending on how you want to use it).

    On 2/11/2024 at 5:20 PM, nathan22211 said:

I'd advise using Bitwarden and a 2FA app like Google Auth where possible. Bitwarden does have a 2FA option, but you need to pay for it unless you self-host it.

BitWarden is my personal favorite 👍. We do require MFA, but unfortunately there is a way around it that I am currently aware of in certain instances.

    On 2/11/2024 at 5:45 PM, The1337Gh0st said:

If you want something simpler, you can use something like KeePassXC since it's a purely offline program (which could be a benefit or drawback depending on how you want to use it).

I used to use this and it's still pretty good since you do not need to rely on a third party's security practices to guard your data, but I would make sure you have a good backup solution in place to guard against a corrupted database or your system dying. I find that KeePassXC is good when paired with something like Syncthing, as you can keep the database file synced up on multiple devices, including on Android.
