Notification of Plutonium Forum Databreach - September 2021
-
Everyone is giving the staff hell for not realizing the data breach when in reality. Everyone who owns a server and has access to the forums has most if not all scrapped data already available. None of the information is compromised. I appreciate the staff's transparency.
-
@zombiepepega if you don't have a static IP, there isn't much to really worry about. If you have a static IP, every other service you use also knows your city etc. :)))
-
Embarrassment. You guys should be ashamed of this delay in notification and oversight.
-
Mr. Android said in Notification of Plutonium Forum Databreach - September 2021:
What happens next:
The only thing we can do is to notify you all as soon as possible and offer our most sincere apologies for this situation. We deeply regret that it has happened and hope our community can forgive us. Our entire Staff Team take responsibility for this lapse in what is usually a very robust Security Posture.This didn't happen though... you were probably hoping nothing would have happened but I imagine as soon as it was noticed online you had to make an announcement.
You said you were aware of the data being exfiltrated, a more thorough investigation should have happened especially as a staff account was compromised?
Poor handling on multiple levels.
-
Mr. Android said in Notification of Plutonium Forum Databreach - September 2021:
September 23rd, 2021
Glad you have realized it, what has happend to the information of the accounts made before September 23rd, 2021?
-
They got lucky the hacker only stole trivial data. No one really cares about IP addresses anymore. HOW it happened is more than concerning though.
-
xFD said in Notification of Plutonium Forum Databreach - September 2021:
HOW it happened is more than concerning though.
True, this is what actually matters
-
xFD A lot of people still have static IP addresses. And it's not just a small niche group of peoples data, this is 1.3 million IPs, emails, and usernames.
-
@zombiepepega luckily i have a dynamic ip, otherwise i would have been scared all my life
-
Invenios I know this is nowhere near the level of Plutonium's scale but i've owned Minecraft servers before. I'm the only person who ever even had access to anything even remotely personal. I have never given my staff anything more than that. And the fact Plutonium has given Staff this access is extremely stupid. Imagine one of the staff just decided they don't like someone and leak their IP. I wouldn't be shocked if that has happened before.
-
Cigar Very true. This is awful and really embarrassing for something as big as Plutonium.
There's nothing we can really do besides complain or help repair though. -
Cigar I genuinely believe IP addresses won't matter, except for specific targets.
Email addresses though, will likely be sold for targeted marketing... -
imsarahh said in Notification of Plutonium Forum Databreach - September 2021:
Invenios I know this is nowhere near the level of Plutonium's scale but i've owned Minecraft servers before. I'm the only person who ever even had access to anything even remotely personal. I have never given my staff anything more than that. And the fact Plutonium has given Staff this access is extremely stupid. Imagine one of the staff just decided they don't like someone and leak their IP. I wouldn't be shocked if that has happened before.
It really is odd for staff to have access to this information in such a manner, poor way of handling security.
-
Condolences to anyone with a static IP. absolute embarrassment with such poor handling.
-
Cigar I don't know any provider that still hands out static IP addresses to the common folk, maybe on request. IF you have a static IP you should know the risks anyway.
-
Cigar I have a static IP, I have been extremely careful about using a VPN and shit. But guess what? I trusted plutonium to not steal my information cause they are "trusted" and now my IP has finally been leaked. So that's fun. Anyone know any good Plutonium alternatives?
-
imsarahh how can an IP be leaked? It's not like its private information. Im curious
-
imsarahh Condolences. At the moment, there isn't a Plutonium alternative that I am aware of. However, I would suggest contacting your provider and try to inquire about dynamic IPs instead of your current static one. Also, changing your information and or deleting your account on the forums would be wise as well if you don't support/trust Plutonium anymore. (Highly suggest doing so.)
-
xFD Fixed, static addresses could be directly used to gather personal identification and or information.
You can most certainly leak this, given knowledge.It's absolutely not public information.
Either you're being genuine in question, or you're being sarcastic and baiting. I can't tell.
Don't make absolute statements whilst not knowing much about a given topic. It's called naivety.
-
xFD An IP (if static) can be used to DDOS, leak city, and scare dumb people. Sure it's "public information" but it's not treated as such (unless you have a dynamic IP) I've been very careful about not letting sketchy websites have it (I have a browser VPN and a client VPN) and now that good streak is ruined due to plutonium's stupidity. Also anyone wanna mention how theres atleast 30 STAFF who have that information. 30.
