annoying furry
Posted February 11

Hello,

Last night I was made aware of an issue in which a large number of people had been banned by an individual who had obtained the GFLBans tokens for Hide and Seek and Rotation. We determined that a staff member's Pterodactyl account was compromised by the individual due to reused passwords, which they used to obtain the GFLBans tokens and vandalize the servers they had access to.

We responded by deactivating the tokens and revoking the compromised staff member's panel account. As some servers were rendered inoperable, we are currently working on restoring backups and will have them up as soon as possible.

With the access the individual had, it is possible they would've been able to access the following potentially sensitive items:

- User Steam account IDs and associated IP addresses of users who had connected to the affected servers.
- In-game chat logs.
- Source code for plugins on the affected game servers.

That said, based on the logs our system collects to monitor staff member activity on the panel, we have no evidence that the user attempted to access any of this information except for plugin source code. The activity logs suggest that the log files containing PII were deleted without being read by the individual during their wider effort to vandalize system resources. As such, we do not expect that any PII has actually been exposed, but we publish this notice out of an abundance of caution.

We don't believe it is necessary for users to take any action at this time, but as always we caution against reusing passwords and recommend that everybody, players and staff members alike, utilize a password manager to aid in maintaining secure and unique passwords for all of the websites you use.

(signature made by @Kaylode)
Previously known as Xy.
Twitter ❤️ Ko-Fi ❤️ Github

Liloz01
Posted February 11

gfl sponsored by lastpass (you probably shouldn't use lastpass)

Contact me here or on Discord @Liloz01#9857
For help with anything Forum related: https://gflclan.com/contact/ or https://gflclan.com/forum/18-support/

annoying furry
Posted February 11

8 minutes ago, Liloz01 said:
> gfl sponsored by lastpass (you probably shouldn't use lastpass)

don't use lastpass

nathan22211
Posted February 11

I'd advise using Bitwarden and a 2FA app like google auth where possible. Bitwarden does have a 2FA option but you need to pay for it unless you self host it

The1337Gh0st
Posted February 11

17 minutes ago, nathan22211 said:
> I'd advise using Bitwarden and a 2FA app like google auth where possible. Bitwarden does have a 2FA option but you need to pay for it unless you self host it

if you want something simpler, you can use something like KeePassXC since it's a purely offline program (which could be a benefit or drawback depending on how you want to use it)

annoying furry
Posted February 15

On 2/11/2024 at 5:20 PM, nathan22211 said:
> I'd advise using Bitwarden and a 2FA app like google auth where possible. Bitwarden does have a 2FA option but you need to pay for it unless you self host it

Bitwarden is my personal favorite 👍. We do require MFA, but unfortunately there is a way around that I am aware of currently in certain instances.

On 2/11/2024 at 5:45 PM, The1337Gh0st said:
> if you want something simpler, you can use something like KeePassXC since it's a purely offline program (which could be a benefit or drawback depending on how you want to use it)

I used to use this and it's still pretty good since you do not need to rely on a third party's security practices to guard your data, but I would make sure you have a good backup solution in place to guard against a corrupted database or your system dying. I find that KeePassXC is good when paired with something like Syncthing, as you can keep the database file synced up on multiple devices, including on Android.