[r3408] Update Ruined Controller-support

We've found the issue and this is now being tested.

We are currently looking at this now. We do not support downgrading and attempts could trigger the anticheat.

Do you have discord? If so please provide your tag so we can discuss the issue quicker. Just incase we struggle to replicate the issue fully.

delo_rizzilhimer Go to the redist folder in your game files and then run DXSETUP.exe as admin and let it install. Then try again. You might need to restart your computer.

This will be fixed in an update coming within the next week or two.

Every website must use your personal information to operate. The EU has a data protection law called GDPR - in our opinion it's a great law and helps to protect people. As part of that law, sites must tell people if their personal information is used and give them the right to delete their data. (You can delete your account on your profile in the top right)

As such, we follow all GDPR suggestions in terms of informing our visitors. We use information such as your email address, to send you password reset emails. Your IP address and the username you pick, so we can store your account details, connect you to game servers, load your stats etc etc

Those "do you want to allow cookies" noticies are part of GDPR too.

https://en.wikipedia.org/wiki/General_Data_Protection_Regulation

I hope that helps explain

Edit:

Due to GDPR - some sites in the USA will block EU visitors because they'd rather not protect data well enough to meet GDPR requirements.

GDPR is only really important for companies, clan websites and such are not really going to follow it. We follow it as best as we can even though we are not a company simply because we agree with the principle behind it. Infact many of Plutonium Staff work in the IT sector and security and computer science.

GhostRider0125 Ohhhhhh - i get it, sorry I feel stupid now.

I'll see if we can investigate on our side.

I saw "no words" and almost didn't make this reply. Put a little bit of effort in...

How exactly are they broken? Can you show a video to demonstrate?

Just to advise, we have replicated the issue on our side and are investigating this.

This client is made by the same person who made most of Xlabs (IW4x) - so should work out well.

hindercanrun Since people claim to want this so badly, i see no reason why they won't buy a copy of BO3. Plus it likely helps alot with avoiding ATVI from coming down on them.

We don't have a ban reason stated for you so your ban is likely from before we used a bot to do the banning, so probably a good while ago. So I've removed the ban - you should now be able to rejoin

Agreed, these look amazing, well done!

Lets bring this back.

https://www.youtube.com/watch?v=uKAC7eJds5c

Cigar said in Notification of Plutonium Forum Databreach - September 2021:

Embarrassing to say the least. It took you over a YEAR to acknowledge 1.3 million users data was stolen and most likely sold to the highest bidder.

We became aware 2 days ago and have worked to investigate and notify as soon as possible. Although we do accept that this is unfortunate.

Hello community,

It is with deep regret that the Plutonium Staff Team need to give notice that in September 2021, data was stolen from our forum. This affected all 1.3 million registered users at the time at the date of the breach. We became aware of this breach on September 20th, 2022, after being alerted that the data is being sold on cybercrime forums.

The stolen data DOES NOT include:

• Passwords
• Server keys
• Hardware information used for Anti-Cheat ban evasion detection
• Information on any of the 2 million registered users who signed up after September 23rd, 2021

The stolen data does include:

• Usernames
• User IDs
• Email address history
• IP addresses used to access the forum
• Registration dates
• Last login dates

As such, no server keys or passwords have been reset.

Our investigation:
Upon being alerted, Plutonium Staff Administrators confirmed the legitimacy of the data in the breach and began investigating the root cause of the breach. This root cause is that a staff members' iCloud account was compromised, this iCloud account had an iPhone backup stored on it and the attacker restored this backup to a phone they controlled. This also restored the staff members' 2-Factor Authentication Secrets which allowed the attacker to generate authentic 2FA codes and thus allowed them to login to our forum as the compromised staff account.

From here the attacker used our forum's API to scrape all registered users' profile data, and due to having access to a staff account, this data included IP address and Email Address history. Hence the stolen data includes more than the public facing profile information.

During the attack in 2021 the Plutonium Staff team did detect the exfiltration of the data, however we mistakenly believed this to be somebody scraping the public information from profiles as we did not realise a staff account was being used. We put mitigations in place to stop the scraping of this information and assumed we had fixed the issue. We did not report this scraping to the community due to our belief that the scraped information was public profile information, such as usernames, registration date and last login dates.

The staff member that was compromised did not report the issue to Plutonium Staff Administrators due to the attacker attempting to access their bank accounts and other sensitive accounts and as such the idea that they may have targeted the staff members' Plutonium account did not occur to them, however they did reset their passwords and re-generate their 2 Factor Authentication secrets.

Passwords and server keys were confirmed to not have been stolen. Server keys are stored in a different database and passwords are stored in a hashed fashion that even Plutonium Forum Administrators cannot access.

What happens next:
The only thing we can do is to notify you all as soon as possible and offer our most sincere apologies for this situation. We deeply regret that it has happened and hope our community can forgive us. Our entire Staff Team take responsibility for this lapse in what is usually a very robust Security Posture.

We are unable to contact all affected users as we do not have the email abilities to send over 1 million emails, but by posting this message publicly we are hoping that the news will travel to most of them.

We will also be in touch with the appropriate authorities.

All our staff are required to have 2 Factor Authentication enabled on all Plutonium accounts, this has been in place since we started our forums in 2020, however we will now be doing periodic re-generation of 2FA secrets to avoid backed up Authenticator apps from being useful if they fall into the wrong hands.

Timeline of events:
September 2021: Data is stolen using a compromised staff account and compromised iCloud iPhone backup.
September 2021: Exfiltration of data is spotted by Plutonium Staff and is mistakenly identified as public data, protections to stop the scraping is put in place.
September 20th 2022: Plutonium Staff are notified of a potential breach.
September 21st 2022: Plutonium Staff confirm breach is legit and begin investigation.
September 22nd 2022: Investigation is completed, notification of breach is sent to the community.

Context of Breach:
As of September 2022, Plutonium has 3 million registered users, this breach affects 1.3 million users who registered before September 24th, 2021. From our understanding there has been 1 year from when the data was originally stolen to when it started to be publicly sold online.

Once again, we would like to apologize for this isolated incident.

https://forum.plutonium.pw/user/oneplayer/consent

This should answer the question for you.

We also collect information about your hardware (known as a Hardware ID / HWID) when you run Plutonium to enforce game bans. This information is tied to your unique user ID to pseduo-anonymize the data. Therefore your Personally Identifiable Information (email address in this instance) is not linked directly to the HWID.

LUNATIC-TEAM said in I apologize, I understand that I was doing bad. Please, give me a second chance, it'll be fine, ill promise.:

Please, I was a 10 years old kid.

So you're 11 now? Need to be 13 or older to register on this forum and to have a Discord account. Another reason to remain banned.

Thank you very much

Can you provide your transation ID from paypal please.

Can you provide your transation ID from paypal please.

Can you provide your transation ID from paypal please.