Notification of Plutonium Forum Databreach - September 2021


    xFD wrote (#66):

    yogakumi maybe stop spamming this shit?

    • xFD wrote:

      KrKd AxiZ One of their admins is a doxxer

      • imsarahh wrote:

        Cigar I have a static IP, I have been extremely careful about using a VPN and shit. But guess what? I trusted plutonium to not steal my information cause they are "trusted" and now my IP has finally been leaked. So that's fun. Anyone know any good Plutonium alternatives?

        Cisco wrote (#68):

        imsarahh Just call up your ISP and tell them you need a new IP. Think of some bullshit reason to let them change it and BOOM, you're done and set!

        • A Former User wrote (#69):

          this is my last post. Cya guys its been fun


            yogakumi wrote (#70):

            xFD okay sry


              isaiah666 wrote (#71):

              Cisco

              Most ISPs should be able to use your IP being leaked as a valid reason to change it.

              • Mr. Android wrote:

                Hello community,

                It is with deep regret that the Plutonium Staff Team need to give notice that in September 2021, data was stolen from our forum. This affected all 1.3 million registered users at the date of the breach. We became aware of this breach on September 20th, 2022, after being alerted that the data is being sold on cybercrime forums.

                The stolen data DOES NOT include:

                • Passwords
                • Server keys
                • Hardware information used for Anti-Cheat ban evasion detection
                • Information on any of the 2 million registered users who signed up after September 23rd, 2021

                The stolen data does include:

                • Usernames
                • User IDs
                • Email address history
                • IP addresses used to access the forum
                • Registration dates
                • Last login dates

                As such, no server keys or passwords have been reset.

                Our investigation:
                Upon being alerted, Plutonium Staff Administrators confirmed the legitimacy of the data in the breach and began investigating the root cause of the breach. This root cause is that a staff member's iCloud account was compromised; this iCloud account had an iPhone backup stored on it and the attacker restored this backup to a phone they controlled. This also restored the staff member's 2-Factor Authentication Secrets, which allowed the attacker to generate authentic 2FA codes and thus allowed them to log in to our forum as the compromised staff account.

                From here the attacker used our forum's API to scrape all registered users' profile data, and due to having access to a staff account, this data included IP address and Email Address history. Hence the stolen data includes more than the public facing profile information.

                During the attack in 2021 the Plutonium Staff team did detect the exfiltration of the data, however we mistakenly believed this to be somebody scraping the public information from profiles as we did not realise a staff account was being used. We put mitigations in place to stop the scraping of this information and assumed we had fixed the issue. We did not report this scraping to the community due to our belief that the scraped information was public profile information, such as usernames, registration date and last login dates.

                The staff member that was compromised did not report the issue to Plutonium Staff Administrators due to the attacker attempting to access their bank accounts and other sensitive accounts, and as such the idea that they may have targeted the staff member's Plutonium account did not occur to them; however, they did reset their passwords and re-generate their 2 Factor Authentication secrets.

                Passwords and server keys were confirmed to not have been stolen. Server keys are stored in a different database and passwords are stored in a hashed fashion that even Plutonium Forum Administrators cannot access.

                What happens next:
                The only thing we can do is to notify you all as soon as possible and offer our most sincere apologies for this situation. We deeply regret that it has happened and hope our community can forgive us. Our entire Staff Team take responsibility for this lapse in what is usually a very robust Security Posture.

                We are unable to contact all affected users as we do not have the email abilities to send over 1 million emails, but by posting this message publicly we are hoping that the news will travel to most of them.

                We will also be in touch with the appropriate authorities.

                All our staff are required to have 2 Factor Authentication enabled on all Plutonium accounts, this has been in place since we started our forums in 2020, however we will now be doing periodic re-generation of 2FA secrets to avoid backed up Authenticator apps from being useful if they fall into the wrong hands.

                Timeline of events:
                September 2021: Data is stolen using a compromised staff account and compromised iCloud iPhone backup.
                September 2021: Exfiltration of data is spotted by Plutonium Staff and is mistakenly identified as public data, protections to stop the scraping are put in place.
                September 20th 2022: Plutonium Staff are notified of a potential breach.
                September 21st 2022: Plutonium Staff confirm breach is legit and begin investigation.
                September 22nd 2022: Investigation is completed, notification of breach is sent to the community.

                Context of Breach:
                As of September 2022, Plutonium has 3 million registered users, this breach affects 1.3 million users who registered before September 24th, 2021. From our understanding there has been 1 year from when the data was originally stolen to when it started to be publicly sold online.

                Once again, we would like to apologize for this isolated incident.
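
The misclassification described in the announcement above (scraping through a staff account read as scraping of public profiles) can be caught by triaging bulk profile enumeration on what the API responses actually returned. This is an added example, not Plutonium's code and not part of the original post; the log format, the field names `email_history` and `ip_history`, the session IDs and the thresholds are assumptions constructed for illustration.

```python
"""Triage bulk profile enumeration by the sensitivity of the data returned."""
from collections import Counter, defaultdict
from dataclasses import dataclass

# Assumed names for the staff-only fields the announcement lists as stolen.
PRIVILEGED_FIELDS = frozenset({"email_history", "ip_history"})
WINDOW_SECONDS = 60   # sliding window length (assumed; tune to real traffic)
ENUM_THRESHOLD = 5    # distinct profiles per session per window (assumed)

# Constructed sample log: epoch_seconds session role profile_uid fields_returned
SAMPLE_LOG = """\
# anonymous scraper: many profiles, public fields only
1000 s-anon guest 1 username,joindate,lastonline
1005 s-anon guest 2 username,joindate,lastonline
1010 s-anon guest 3 username,joindate,lastonline
1015 s-anon guest 4 username,joindate,lastonline
1020 s-anon guest 5 username,joindate,lastonline
1025 s-anon guest 6 username,joindate,lastonline
# staff session: many profiles, responses carry staff-only fields
2000 s-staff staff 101 username,email_history,ip_history
2006 s-staff staff 102 username,email_history,ip_history
2012 s-staff staff 103 username,email_history,ip_history
2018 s-staff staff 104 username,email_history,ip_history
2024 s-staff staff 105 username,email_history,ip_history
2030 s-staff staff 106 username,email_history,ip_history
2036 s-staff staff 107 username,email_history,ip_history
# ordinary moderation: staff fields, but only two profiles minutes apart
3000 s-mod staff 55 username,email_history,ip_history
3400 s-mod staff 56 username,email_history,ip_history
# slow guest crawl: stays under the per-window threshold
4000 s-slow guest 1 username
4120 s-slow guest 2 username
4240 s-slow guest 3 username
4360 s-slow guest 4 username
4480 s-slow guest 5 username
4600 s-slow guest 6 username
"""


@dataclass(frozen=True)
class Event:
    ts: int
    session: str
    role: str
    uid: int
    fields: frozenset


def parse(log):
    """Parse the constructed log format, skipping blanks and '#' comments."""
    events = []
    for line in log.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, session, role, uid, fields = line.split()
        events.append(
            Event(int(ts), session, role, int(uid), frozenset(fields.split(",")))
        )
    return events


def peak_distinct(events, window):
    """Largest number of distinct profiles read inside any window of `window` seconds."""
    events = sorted(events, key=lambda e: e.ts)
    seen = Counter()
    left = 0
    best = 0
    for ev in events:
        seen[ev.uid] += 1
        # Drop events that have fallen out of the window ending at ev.ts.
        while ev.ts - events[left].ts > window:
            old = events[left].uid
            seen[old] -= 1
            if seen[old] == 0:
                del seen[old]
            left += 1
        best = max(best, len(seen))
    return best


def triage(events):
    """Return {session: finding} for sessions that enumerate profiles in bulk.

    Severity depends on what was returned, not on how the traffic looks:
    the same request rate is 'low' for public fields and 'critical' once
    any response in the session carried a staff-only field.
    """
    by_session = defaultdict(list)
    for ev in events:
        by_session[ev.session].append(ev)

    findings = {}
    for session, evs in by_session.items():
        peak = peak_distinct(evs, WINDOW_SECONDS)
        if peak < ENUM_THRESHOLD:
            continue
        leaked = set().union(*(e.fields for e in evs)) & PRIVILEGED_FIELDS
        findings[session] = {
            "peak_profiles": peak,
            "roles": sorted({e.role for e in evs}),
            "privileged_fields": sorted(leaked),
            "severity": "critical" if leaked else "low",
        }
    return findings


if __name__ == "__main__":
    for session, finding in triage(parse(SAMPLE_LOG)).items():
        print(session, finding)
```

The `s-slow` session shows the limit of a fixed window: a patient crawler stays below it, so a per-session or per-day total of distinct profiles read is a useful second signal.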

                UnOfficial (Contributor) wrote (#72):

                It is sad to hear it took a whole year to notice this breach, but however it is good to hear it was a breach of a user and not the system itself with the breach only containing semi important PII but nothing that could ruin an individual. Hopefully this is the last and only data breach we hear of come from Plutonium.

                • imsarahh wrote:

                  @Mr-Android said in Notification of Plutonium Forum Databreach - September 2021:

                  From here the attacker used our forum's API to scrape all registered users' profile data, and due to having access to a staff account, this data included IP address and Email Address history. Hence the stolen data includes more than the public facing profile information.
                  During the attack in 2021 the Plutonium Staff team did detect the exfiltration of the data, however we mistakenly believed this to be somebody sc

                  The real question here is why did a STAFF MEMBER even have access to that information, what happens if they were to go rogue. Completely unacceptable. Not to mention you muted everyone in the discord server to try and circumvent backlash. I think it might be time for everyone to switch to a different client.

                  JakeFromTheFarm wrote (#73):

                  imsarahh Have at it sarah, the staff team is just relaying the info, I'm sure he doesn't wanna be the one to listen to everyone's problems


                    ChimpVEVO wrote (#74):

                    @Mr-Android Everyone's like "Unacceptable!" "You should be ashamed!"
                    Meanwhile, I don't even know what this means. 😳


                      Cigar wrote (#75):

                      ChimpVEVO Private information was stolen and is being/was sold online after a Plutonium staff's iCloud was breached by a random person.

                      • Soliderror wrote (#76):

                        For everyone that thinks deleting your account and using a different client would be the best thing to do, it isn't. The best thing to do now is: change your password, make a new email to keep away from spam, call your ISP and ask for an IP change. The Pluto team found the attack, and that's what matters, they will learn from this mistake and are putting new security measures in place, lots of other clients would not even try to add new security measures let alone let you know what happened. It took a lot for them to even notify the community but it was the right thing to do.

                        • 2016hvhlegende wrote (#77):

                          glad i could at least alert you guys - take it under your wing and learn from it!

                          • leobipbop wrote (#78):

                            So does that mean we're finally having an offline option ? (I mean lan-only with no internet and so no account required)
                            🦆


                              INSANEMODE (Contributor) wrote (#79):

                              leobipbop that has been an option for a long time. Just have to add -lan to your launch options when launching from the bootstrapper, instead of the launcher, for both the client and server.

                              • taph wrote (#80):

                                well this kinda sucks


                                  leobipbop wrote (#81):

                                  INSANEMODE Did you try it without internet at all 🙂 ?

                                    • chasef7 (Banned) wrote (#83):

                                      damn people are actually upset about this 💀 💀 💀 💀 💀 💀 💀

                                      your IP address being known by someone that doesn't know you is completely harmless.

                                      your email already gets spammed.

                                      STOP CRYING

                                      IHateBlackOps4undefined 1 Reply Last reply
                                      2
                                      • Mr. Androidundefined Mr. Android

                                        Hello community,

                                        It is with deep regret that the Plutonium Staff Team need to give notice that in September 2021, data was stolen from our forum. This affected all 1.3 million registered users at the time at the date of the breach. We became aware of this breach on September 20th, 2022, after being alerted that the data is being sold on cybercrime forums.

                                        The stolen data DOES NOT include:

                                        • Passwords
                                        • Server keys
                                        • Hardware information used for Anti-Cheat ban evasion detection
                                        • Information on any of the 2 million registered users who signed up after September 23rd, 2021

                                        The stolen data does include:

                                        • Usernames
                                        • User IDs
                                        • Email address history
                                        • IP addresses used to access the forum
                                        • Registration dates
                                        • Last login dates

                                        As such, no server keys or passwords have been reset.

                                        Our investigation:
                                        Upon being alerted, Plutonium Staff Administrators confirmed the legitimacy of the data in the breach and began investigating the root cause of the breach. This root cause is that a staff members' iCloud account was compromised, this iCloud account had an iPhone backup stored on it and the attacker restored this backup to a phone they controlled. This also restored the staff members' 2-Factor Authentication Secrets which allowed the attacker to generate authentic 2FA codes and thus allowed them to login to our forum as the compromised staff account.

                                        From here the attacker used our forum's API to scrape all registered users' profile data, and due to having access to a staff account, this data included IP address and Email Address history. Hence the stolen data includes more than the public facing profile information.

                                        During the attack in 2021 the Plutonium Staff team did detect the exfiltration of the data, however we mistakenly believed this to be somebody scraping the public information from profiles as we did not realise a staff account was being used. We put mitigations in place to stop the scraping of this information and assumed we had fixed the issue. We did not report this scraping to the community due to our belief that the scraped information was public profile information, such as usernames, registration date and last login dates.

                                        The staff member that was compromised did not report the issue to Plutonium Staff Administrators due to the attacker attempting to access their bank accounts and other sensitive accounts and as such the idea that they may have targeted the staff members' Plutonium account did not occur to them, however they did reset their passwords and re-generate their 2 Factor Authentication secrets.

                                        Passwords and server keys were confirmed to not have been stolen. Server keys are stored in a different database and passwords are stored in a hashed fashion that even Plutonium Forum Administrators cannot access.

                                        What happens next:
                                        The only thing we can do is to notify you all as soon as possible and offer our most sincere apologies for this situation. We deeply regret that it has happened and hope our community can forgive us. Our entire Staff Team take responsibility for this lapse in what is usually a very robust Security Posture.

                                        We are unable to contact all affected users as we do not have the email abilities to send over 1 million emails, but by posting this message publicly we are hoping that the news will travel to most of them.

                                        We will also be in touch with the appropriate authorities.

                                        All our staff are required to have 2 Factor Authentication enabled on all Plutonium accounts, this has been in place since we started our forums in 2020, however we will now be doing periodic re-generation of 2FA secrets to avoid backed up Authenticator apps from being useful if they fall into the wrong hands.

                                        Timeline of events:
                                        September 2021: Data is stolen using a compromised staff account and compromised iCloud iPhone backup.
                                        September 2021: Exfiltration of data is spotted by Plutonium Staff and is mistakenly identified as public data; protections to stop the scraping are put in place.
                                        September 20th 2022: Plutonium Staff are notified of a potential breach.
                                        September 21st 2022: Plutonium Staff confirm breach is legit and begin investigation.
                                        September 22nd 2022: Investigation is completed, notification of breach is sent to the community.

                                        Context of Breach:
                                        As of September 2022, Plutonium has 3 million registered users, this breach affects 1.3 million users who registered before September 24th, 2021. From our understanding there has been 1 year from when the data was originally stolen to when it started to be publicly sold online.

                                        Once again, we would like to apologize for this isolated incident.

                                        A Former User
                                        wrote on last edited by
                                        #84

                                        @Mr-Android I have a dynamic IP so I'm guessing I'm fine, and I'm hoping you'll remove all this sensitive information from the hands of everyone at the plutonium staff, really don't know why they would even have access to this.

                                        • chasef7

                                          damn people are actually upset about this 💀 💀 💀 💀 💀 💀 💀

                                          your IP address being known by someone that doesn't know you is completely harmless.

                                          your email already gets spammed.

                                          STOP CRYING

                                          IHateBlackOps4
                                          wrote on last edited by
                                          #85

                                          chasef7 People just want a reason to get mad over everything, especially in gaming. I'm sure in a few days everyone will forget about this and things will be back to normal.
