Neither the website nor the Dedicated Server hosting the Minecraft server was affected by this.
On December 5th, 2019, at around 4:23 PM Central, a dormant server that was used temporarily for storing CU backups was compromised and accessed without authorization. The server was primarily used for PHP development for a project outside of CU that had been discontinued.
Six minutes later, our host suspended the machine and placed it into rescue mode as a precaution. Someone had managed to execute a script on the server that disabled all forms of logging on that particular server; however, we were able to find the script and determine symptoms to look for.
We eventually pulled CU's Dedicated Server at 5:20 PM as a precaution.
The server that had been compromised had an uncompressed backup of the server from May 28th, 2019 containing player data that could be exploited. While the nature of the attack was primarily for mining, I am not taking any chances here. We can confirm, however, that no unauthorized access to player accounts via cracked users has taken place.
Below are details of what was compromised in the background.
Definitely Compromised:
- AuthMe database with information on 2440 users from March 27th, 2017 to May 28th, 2019, containing:
  - AuthMe passwords (hashed, and includes autologins)
  - IPs of your last login from March 27th, 2017 to May 28th, 2019
- Minecraft server logs from January 20th, 2019 to May 28th, 2019
  - IP addresses used for last login from Jan 20th to May 28th, 2019
If you used the same password on AuthMe and on other sites, it is highly recommended that you reset your password. This applies only to cracked accounts.
Action Taken:
- All AuthMe information in the database has been wiped from the production server and is no longer active. If you are a cracked user, you will need to register for AuthMe again.
- FastLogin tokens for premium accounts have been revoked/wiped.
- Other database access, such as MySQL, has had all passwords reset, even though access is blocked via firewall.
- As a precaution all points of access to the Dedicated Server were reset.
- The server in question is no longer used, and the backup system used now is completely different.
- Made security adjustments to the currently used backup server, including password resets.
In The Future:
- We will be wiping the AuthMe database at least twice a year, not only to keep the database small but also to make sure that inactive users' information is not compromised.
- We will be more aggressive about keeping fewer logs on the server, with more cleaning periods.
- More security improvements will be implemented in the coming days.
- Most importantly, all of our servers that are used for CU (and other projects) will be tracked using a new system so that this will not happen the same way again.
Questions are welcome, either by replying to this topic or by Discord DM to me (EpticRikez).
Regards,
Michael/Eptic