AwakenedRage

Dec 5th 2019 Security Incident

5 posts in this topic

Neither the website nor the Dedicated Server hosting the Minecraft server was affected by this.

On December 5th, 2019, at around 4:23 PM Central, a dormant server that was used temporarily for storing CU backups was compromised and unauthorized access was gained. The server was primarily used for PHP Development for a project outside of CU that had been discontinued.

 

6 minutes later, our host had suspended the machine and placed it into rescue mode as a precaution. Someone had managed to execute a script on the server that disabled all forms of logging on that particular server; however, we were able to find the script and determine symptoms to look for.

 

We eventually pulled CU's Dedicated server at 5:20 PM as a precaution.

 

The server that had been compromised had an uncompressed backup of the server from May 28th, 2019 containing playerdata that could be exploited. While the nature of the attack was primarily for mining, I am not taking any chances here. We can confirm, however, that no unauthorized access to player accounts via cracked users had taken place.


Below are details of stuff in the background that was compromised:

 

Definitely Compromised:

  • AuthMe Database containing 2440 users' information from March 27th, 2017 to May 28th, 2019, containing:
      • AuthMe Passwords (Hashed and Includes Autologins)
      • IPs of your last login from March 27th, 2017 to May 28th, 2019
  • Minecraft Server Logs from January 20th, 2019 to May 28th, 2019
  • IP Addresses used to last login from Jan 20th to May 28th 2019

 

If you used the same password on AuthMe on other sites, it is highly recommended that you reset your password. This would only be for cracked accounts.

Action Taken:

  • All AuthMe Information in the database has been wiped from the production server and is no longer active. If you are a cracked user you will need to register for AuthMe again.
  • FastLogin tokens for premium accounts have been revoked/wiped.
  • Other databases, such as MySQL access, have had all passwords reset, even though access is blocked via firewall.
  • As a precaution all points of access to the Dedicated Server were reset.
  • The Server in question is no longer used, and the backup system used now is completely different.
  • Made security adjustments to the currently used backup server, including password resets.

 

In The Future:

  • We will be wiping the AuthMe database at least twice a year, to not only keep the database small but to make sure that inactive users' information is not compromised.
  • Will be more aggressive on keeping fewer logs on the server/more cleaning periods.
  • More Security Improvements will be implemented in the coming days.
  • MOST Importantly, all of our servers that are used for CU (and other projects) will be kept track of using a new system so that this will not happen in the same way again.

 

Questions are welcome, via replying to this topic or Discord DMs to me (EpticRikez)

 

Regards,

Michael/Eptic


5 minutes ago, ____Jayden said:

That's no good.

This happened while I was supposed to be studying for finals and took 3 hours to go through everything. Beyond pissed at the timing. 


Just now, AwakenedRage said:

This happened while I was supposed to be studying for finals and took 3 hours to go through everything. Beyond pissed at the timing. 

Damn that sucks man..


Just an added note: While I personally find completely wiping AuthMe/FastLogin data twice a year a bit excessive - I should reiterate that this (and any future) resets will only ever affect cracked players. Since Premium users are logged in and registered automatically through FastLogin, you will never have had to enter any passwords. The only change you'll notice is that, with this reset, you might get a message upon logging in that you were auto-registered. That's it.

 

So if you're premium you shouldn't have anything to worry about. :Bouncycat:
