Skip to content
  • Recent
  • Tags
  • Popular
  • Users
  • Groups
  • Donate
Collapse

Plutonium

  1. Home
  2. Announcements
  3. Notification of Plutonium Forum Databreach - September 2021

Notification of Plutonium Forum Databreach - September 2021

Scheduled Pinned Locked Moved Announcements
133 Posts 67 Posters 19.4k Views
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • A Former User? Offline
    A Former User? Offline
    A Former User
    wrote on last edited by
    #11

    So you guys aren't even gonna give us instructions on how to negate the effects of the attackers having ONE AND A HALF MILLION IP ADDRESSES??
    They can just sell where I live whenever they want and you guys aren't gonna post even like an option that we can do to help ourselves.

    Cigarundefined Chopperundefined yogakumiundefined MainVortex12undefined 4 Replies Last reply
    1
    • imsarahhundefined Offline
      imsarahhundefined Offline
      imsarahh
      replied to Mr. Android on last edited by
      #12

      Mr. Android said in Notification of Plutonium Forum Databreach - September 2021:

      From here the attacker used our forum's API to scrape all registered users' profile data, and due to having access to a staff account, this data included IP address and Email Address history. Hence the stolen data includes more than the public facing profile information.
      During the attack in 2021 the Plutonium Staff team did detect the exfiltration of the data, however we mistakenly believed this to be somebody sc

      The real question here is why did a STAFF MEMBER even have access to that information, what happens if they were to go rogue. Completely unacceptable. Not to mention you muted everyone in the discord server to try and circumvent backlash. I think it might be time for everyone to switch to a different client.

      JakeFromTheFarmundefined 1 Reply Last reply
      9
      • Cigarundefined Offline
        Cigarundefined Offline
        Cigar
        replied to A Former User on last edited by
        #13

        @zombiepepega If you have a dynamic IP, you should be fine. However, anyone who doesn't I suggest deleting your account and or changing your information.

        1 Reply Last reply
        1
        • Inveniosundefined Offline
          Inveniosundefined Offline
          Invenios
          wrote on last edited by
          #14

          Everyone is giving the staff hell for not realizing the data breach when in reality. Everyone who owns a server and has access to the forums has most if not all scrapped data already available. None of the information is compromised. I appreciate the staff's transparency.

          imsarahhundefined Lucy001undefined 2 Replies Last reply
          4
          • Chopperundefined Offline
            Chopperundefined Offline
            Chopper
            replied to A Former User on last edited by
            #15

            @zombiepepega if you don't have a static IP, there isn't much to really worry about. If you have a static IP, every other service you use also knows your city etc. :)))

            1 Reply Last reply
            3
            • MrAmos123undefined Offline
              MrAmos123undefined Offline
              MrAmos123
              wrote on last edited by
              #16

              Embarrassment. You guys should be ashamed of this delay in notification and oversight.

              1 Reply Last reply
              4
              • A Former User? Offline
                A Former User? Offline
                A Former User
                replied to Mr. Android on last edited by
                #17

                Mr. Android

                Mr. Android said in Notification of Plutonium Forum Databreach - September 2021:

                What happens next:
                The only thing we can do is to notify you all as soon as possible and offer our most sincere apologies for this situation. We deeply regret that it has happened and hope our community can forgive us. Our entire Staff Team take responsibility for this lapse in what is usually a very robust Security Posture.

                This didn't happen though... you were probably hoping nothing would have happened but I imagine as soon as it was noticed online you had to make an announcement.

                You said you were aware of the data being exfiltrated, a more thorough investigation should have happened especially as a staff account was compromised?

                Poor handling on multiple levels.

                1 Reply Last reply
                4
                • Bone Crusherundefined Offline
                  Bone Crusherundefined Offline
                  Bone Crusher
                  replied to Mr. Android on last edited by
                  #18

                  Mr. Android said in Notification of Plutonium Forum Databreach - September 2021:

                  September 23rd, 2021

                  Glad you have realized it, what has happend to the information of the accounts made before September 23rd, 2021?

                  hindercanrunundefined 1 Reply Last reply
                  0
                  • xFDundefined Offline
                    xFDundefined Offline
                    xFD
                    wrote on last edited by
                    #19

                    They got lucky the hacker only stole trivial data. No one really cares about IP addresses anymore. HOW it happened is more than concerning though.

                    isaiah666undefined Cigarundefined 2 Replies Last reply
                    3
                    • isaiah666undefined Offline
                      isaiah666undefined Offline
                      isaiah666
                      replied to xFD on last edited by
                      #20

                      xFD said in Notification of Plutonium Forum Databreach - September 2021:

                      HOW it happened is more than concerning though.

                      True, this is what actually matters

                      1 Reply Last reply
                      0
                      • Cigarundefined Offline
                        Cigarundefined Offline
                        Cigar
                        replied to xFD on last edited by
                        #21

                        xFD A lot of people still have static IP addresses. And it's not just a small niche group of peoples data, this is 1.3 million IPs, emails, and usernames.

                        Daltaxundefined xFDundefined imsarahhundefined 3 Replies Last reply
                        0
                        • yogakumiundefined Offline
                          yogakumiundefined Offline
                          yogakumi
                          replied to A Former User on last edited by
                          #22

                          @zombiepepega luckily i have a dynamic ip, otherwise i would have been scared all my life

                          1 Reply Last reply
                          1
                          • imsarahhundefined Offline
                            imsarahhundefined Offline
                            imsarahh
                            replied to Invenios on last edited by
                            #23

                            Invenios I know this is nowhere near the level of Plutonium's scale but i've owned Minecraft servers before. I'm the only person who ever even had access to anything even remotely personal. I have never given my staff anything more than that. And the fact Plutonium has given Staff this access is extremely stupid. Imagine one of the staff just decided they don't like someone and leak their IP. I wouldn't be shocked if that has happened before.

                            isaiah666undefined 1 Reply Last reply
                            5
                            • A Former User? Offline
                              A Former User? Offline
                              A Former User
                              wrote on last edited by
                              #24

                              Cigar Very true. This is awful and really embarrassing for something as big as Plutonium.
                              There's nothing we can really do besides complain or help repair though.

                              1 Reply Last reply
                              1
                              • Daltaxundefined Offline
                                Daltaxundefined Offline
                                Daltax
                                replied to Cigar on last edited by
                                #25

                                Cigar I genuinely believe IP addresses won't matter, except for specific targets.
                                Email addresses though, will likely be sold for targeted marketing...

                                Gwontundefined 1 Reply Last reply
                                0
                                • isaiah666undefined Offline
                                  isaiah666undefined Offline
                                  isaiah666
                                  replied to imsarahh on last edited by
                                  #26

                                  imsarahh said in Notification of Plutonium Forum Databreach - September 2021:

                                  Invenios I know this is nowhere near the level of Plutonium's scale but i've owned Minecraft servers before. I'm the only person who ever even had access to anything even remotely personal. I have never given my staff anything more than that. And the fact Plutonium has given Staff this access is extremely stupid. Imagine one of the staff just decided they don't like someone and leak their IP. I wouldn't be shocked if that has happened before.

                                  It really is odd for staff to have access to this information in such a manner, poor way of handling security.

                                  1 Reply Last reply
                                  2
                                  • TylerTTundefined Offline
                                    TylerTTundefined Offline
                                    TylerTT
                                    wrote on last edited by
                                    #27

                                    Condolences to anyone with a static IP. absolute embarrassment with such poor handling.

                                    1 Reply Last reply
                                    3
                                    • xFDundefined Offline
                                      xFDundefined Offline
                                      xFD
                                      replied to Cigar on last edited by
                                      #28

                                      Cigar I don't know any provider that still hands out static IP addresses to the common folk, maybe on request. IF you have a static IP you should know the risks anyway.

                                      1 Reply Last reply
                                      0
                                      • imsarahhundefined Offline
                                        imsarahhundefined Offline
                                        imsarahh
                                        replied to Cigar on last edited by
                                        #29

                                        Cigar I have a static IP, I have been extremely careful about using a VPN and shit. But guess what? I trusted plutonium to not steal my information cause they are "trusted" and now my IP has finally been leaked. So that's fun. Anyone know any good Plutonium alternatives?

                                        xFDundefined Cigarundefined yogakumiundefined Ciscoundefined 4 Replies Last reply
                                        1
                                        • xFDundefined Offline
                                          xFDundefined Offline
                                          xFD
                                          replied to imsarahh on last edited by
                                          #30

                                          imsarahh how can an IP be leaked? It's not like its private information. Im curious

                                          MrAmos123undefined imsarahhundefined isaiah666undefined 3 Replies Last reply
                                          0

                                          • 1
                                          • 2
                                          • 3
                                          • 4
                                          • 5
                                          • 6
                                          • 7
                                          • Login

                                          • Don't have an account? Register

                                          • Login or register to search.
                                          • First post
                                            Last post
                                          0
                                          • Recent
                                          • Tags
                                          • Popular
                                          • Users
                                          • Groups
                                          • Donate