Upvote Upvoted 28 Downvote Downvoted
1 2 3 4
ayy scam smh
1
#1
0 Frags +

http://i.imgur.com/iTrpHXB.png

[img]http://i.imgur.com/iTrpHXB.png[/img]
2
#2
21 Frags +

unlimited tf2 keys? How do I sign up?

unlimited tf2 keys? How do I sign up?
3
#3
-5 Frags +

Scammers leading a league of cheaters?

:)

Scammers leading a league of cheaters?

:)
4
#4
19 Frags +

#BringBackRobinWilliams2015

#BringBackRobinWilliams2015
5
#5
7 Frags +
fuckmachine#BringBackRobinWilliams2015

yes that is my highlander team

[quote=fuckmachine]#BringBackRobinWilliams2015[/quote]
yes that is my highlander team
6
#6
2 Frags +

IS IT A SPOOF OR SOMETHING REAL? Cause if it is real then :D

IS IT A SPOOF OR SOMETHING REAL? Cause if it is real then :D
7
#7
19 Frags +

http://i.imgur.com/twyNDzu.png

the plot thickens

[img]http://i.imgur.com/twyNDzu.png[/img]
the plot thickens
8
#8
53 Frags +

http://i.imgur.com/aQ170Rs.gif

[img]http://i.imgur.com/aQ170Rs.gif[/img]
9
#9
11 Frags +

I see someone followed the same business classes as ESEA did. Fingers crossed they pass the finals!

I see someone followed the same business classes as ESEA did. Fingers crossed they pass the finals!
10
#10
17 Frags +

Whoever sent that message can't do any more damage. All hands are on deck trying to sort this out.

I'll try to keep this thread updated with our announcements, as well as emailing UGC leaders and posting on our forums. Bear with us please!

Whoever sent that message can't do any more damage. All hands are on deck trying to sort this out.

I'll try to keep this thread updated with our announcements, as well as emailing UGC leaders and posting on our forums. Bear with us please!
11
#11
0 Frags +
smoboWhoever sent that message can't do any more damage. All hands are on deck trying to sort this out.

I'll try to keep this thread updated with our announcements, as well as emailing UGC leaders and posting on our forums. Bear with us please!

do you know what may be the cause of this?

[quote=smobo]Whoever sent that message can't do any more damage. All hands are on deck trying to sort this out.

I'll try to keep this thread updated with our announcements, as well as emailing UGC leaders and posting on our forums. Bear with us please![/quote]
do you know what may be the cause of this?
12
#12
-3 Frags +
THEBILLDOZERhttp://i.imgur.com/twyNDzu.png
the plot thickens

damage control

[quote=THEBILLDOZER][img]http://i.imgur.com/twyNDzu.png[/img]
the plot thickens[/quote]
damage control
13
#13
0 Frags +

is the ugc website offline

is the ugc website offline
14
#14
4 Frags +

This Site Is In Maintenance Mode, updating.
Go To UGC Forums

This Site Is In Maintenance Mode, updating.
Go To UGC Forums
15
#15
-8 Frags +

ddos

ddos
16
#16
0 Frags +

smh

smh
17
#17
15 Frags +

if i click it

will i get my medal?

if i click it

will i get my medal?
18
#18
22 Frags +

better scam would have been click4medals

better scam would have been click4medals
19
#19
6 Frags +

Most site functionality is up again, but login stuff for team owners may not work yet. You should be able to play 6v6 matches tonight unhindered, just add the other team on steam, and if you need something you would normally use match comms for, talk to an admin.

Most site functionality is up again, but login stuff for team owners may not work yet. You should be able to play 6v6 matches tonight unhindered, just add the other team on steam, and if you need something you would normally use match comms for, [url=http://www.ugcleague.com/staff.cfm]talk to an admin[/url].
20
#20
17 Frags +
smoboMost site functionality is up again, but login stuff for team owners may not work yet. You should be able to play 6v6 matches tonight unhindered, just add the other team on steam, and if you need something you would normally use match comms for, talk to an admin.

If you have any issues please talk to Smobo, he's very lonely

[quote=smobo]Most site functionality is up again, but login stuff for team owners may not work yet. You should be able to play 6v6 matches tonight unhindered, just add the other team on steam, and if you need something you would normally use match comms for, [url=http://www.ugcleague.com/staff.cfm]talk to an admin[/url].[/quote]

If you have any issues please talk to Smobo, he's very lonely
21
#21
11 Frags +

If your official email was compromised what guarantees do we have that our login info wasn't compromised as well?

If your official email was compromised what guarantees do we have that our login info wasn't compromised as well?
22
#22
-10 Frags +
KanecoIf your official email was compromised what guarantees do we have that our login info wasn't compromised as well?

oh no my ugc login

[quote=Kaneco]If your official email was compromised what guarantees do we have that our login info wasn't compromised as well?[/quote]

oh no my ugc login
23
#23
1 Frags +
fatswimdudeKanecoIf your official email was compromised what guarantees do we have that our login info wasn't compromised as well?
oh no my ugc login

Well u might not be concerned but some people do share login information between different sites, and even then, last time I checked, ugc not only has your email stored but the profile page now also has twitter/fb/youtube/twitch links if u updated those, you can do a lot of stuff with that kind of information. So yes, if all that was compromised I would appreciate to know it happened .

[quote=fatswimdude][quote=Kaneco]If your official email was compromised what guarantees do we have that our login info wasn't compromised as well?[/quote]

oh no my ugc login[/quote]
Well u might not be concerned but some people do share login information between different sites, and even then, last time I checked, ugc not only has your email stored but the profile page now also has twitter/fb/youtube/twitch links if u updated those, you can do a lot of stuff with that kind of information. So yes, if all that was compromised I would appreciate to know it happened .
24
#24
26 Frags +

Earlier today, at 15:54 EST, an unauthorized party gained access to a UGC admin account and sent an email to approximately 400-500 team leaders. Ten minutes after the email was sent, our Admin Panel was taken down as a precautionary measure. The whole ugcleague.com domain, as well as the ugcleague.net domain, on which our Forums are hosted, were taken down shortly afterwards. Early investigations indicate that the unauthorized party had access to our Admin Panel for a period between 30 and 60 minutes. Only the UGC Admin Panel was breached. We have no indication of the attacker gaining access to our database.

During that time-frame, the attacker might have had access to leader passwords. There is no available data dumps or massive download features embedded in the Admin Panel. Any access to leader passwords, if any, was done one at a time. Team Leader passwords are a series of alpha-numerical & special characters auto-generated by the UGC website. However, if you changed the auto-generated password to a custom one or if you use the auto-generated password on other services, we recommend that you take precautionary measures by changing them.

Our developers have been hard at work since the breach this afternoon and are currently implementing additional security measures to the Website. Among other things, passwords have been invalidated and leaders will be required to input a new password upon their next login. Additionally, the new login system will use hashed passwords, in addition to salting.

The past few weeks have not been easy for UGC, however, we wanted to thank you for your continuous support and understanding.

Have a good evening,
UGC Admins

Earlier today, at 15:54 EST, an unauthorized party gained access to a UGC admin account and sent an email to approximately 400-500 team leaders. Ten minutes after the email was sent, our Admin Panel was taken down as a precautionary measure. The whole ugcleague.com domain, as well as the ugcleague.net domain, on which our Forums are hosted, were taken down shortly afterwards. Early investigations indicate that the unauthorized party had access to our Admin Panel for a period between 30 and 60 minutes. Only the UGC Admin Panel was breached. We have no indication of the attacker gaining access to our database.

During that time-frame, the attacker might have had access to leader passwords. There is no available data dumps or massive download features embedded in the Admin Panel. Any access to leader passwords, if any, was done one at a time. Team Leader passwords are a series of alpha-numerical & special characters auto-generated by the UGC website. However, if you changed the auto-generated password to a custom one or if you use the auto-generated password on other services, we recommend that you take precautionary measures by changing them.

Our developers have been hard at work since the breach this afternoon and are currently implementing additional security measures to the Website. Among other things, passwords have been invalidated and leaders will be required to input a new password upon their next login. Additionally, the new login system will use hashed passwords, in addition to salting.

The past few weeks have not been easy for UGC, however, we wanted to thank you for your continuous support and understanding.

Have a good evening,
UGC Admins
25
#25
11 Frags +
MamboulayAdditionally, the new login system will use hashed passwords, in addition to salting.

They used plaintext passwords? That's scary as hell, I wonder what other sketchy security practices are going on that we won't know about until they are abused.

[quote=Mamboulay]Additionally, the new login system will use hashed passwords, in addition to salting.
[/quote]

They used plaintext passwords? That's scary as hell, I wonder what other sketchy security practices are going on that we won't know about until they are abused.
26
#26
22 Frags +

you stored plaintext passwords. I can't even...

a little guide for you guys if you ever want to store passwords in plaintext:

    1. don't
    2. just don't
    3. use a strong hash like sha-2
    4. like seriously don't
    5. i meant it when i said to not store them in plaintext
    6. really just dont

EVERYONE WHO HAS EVER ENTERED A PASSWORD INTO UGC EVER

    1. Change your password now like it will make you do
    2. Put in a password that you will not use anywhere else. They have potentially screwed you over pretty hard.
    3. Go change your password anywhere you've used it elsewhere. The attackers have your password and email and probably your commonly used username for like every site on the internet. Don't risk it.

This is like programming 101, use a good salted hash. This is absolutely retarded that we have to go through with this. This is not a small mistake, this is someone who simply didn't know what they were doing potentially screwing over hundreds of users. Really disappointing.

you stored plaintext passwords. I can't even...

a little guide for you guys if you ever want to store passwords in plaintext:

[olist]
1. don't
2. just don't
3. use a strong hash like sha-2
4. like seriously don't
5. i meant it when i said to not store them in plaintext
6. really just dont
[/olist]

[b]EVERYONE WHO HAS EVER ENTERED A PASSWORD INTO UGC EVER[/b]
[olist]
1. Change your password now like it will make you do
2. Put in a password that you will not use anywhere else. They have potentially screwed you over pretty hard.
3. Go change your password anywhere you've used it elsewhere. The attackers have your password and email and probably your commonly used username for like every site on the internet. Don't risk it.
[/olist]

This is like programming 101, use a good salted hash. This is absolutely retarded that we have to go through with this. This is not a small mistake, this is someone who simply didn't know what they were doing potentially screwing over hundreds of users. Really disappointing.
27
#27
-5 Frags +
AndKennethyou stored plaintext passwords. I can't even...

a little guide for you guys if you ever want to store passwords in plaintext:

    1. don't
    2. just don't
    3. use a strong hash like sha-2
    4. like seriously don't
    5. i meant it when i said to not store them in plaintext
    6. really just dont


EVERYONE WHO HAS EVER ENTERED A PASSWORD INTO UGC EVER
    1. Change your password now like it will make you do
    2. Put in a password that you will not use anywhere else. They have potentially screwed you over pretty hard.
    3. Go change your password anywhere you've used it elsewhere. The attackers have your password and email and probably your commonly used username for like every site on the internet. Don't risk it.


This is like programming 101, use a good salted hash. This is absolutely retarded that we have to go through with this. This is not a small mistake, this is someone who simply didn't know what they were doing potentially screwing over hundreds of users. Really disappointing.

i think it was already pretty obvious that a website that gets succesfully ddosed by a highschooler for like a week straight doesnt have people that know what theyre doing running it...

[quote=AndKenneth]you stored plaintext passwords. I can't even...

a little guide for you guys if you ever want to store passwords in plaintext:

[olist]
1. don't
2. just don't
3. use a strong hash like sha-2
4. like seriously don't
5. i meant it when i said to not store them in plaintext
6. really just dont
[/olist]

[b]EVERYONE WHO HAS EVER ENTERED A PASSWORD INTO UGC EVER[/b]
[olist]
1. Change your password now like it will make you do
2. Put in a password that you will not use anywhere else. They have potentially screwed you over pretty hard.
3. Go change your password anywhere you've used it elsewhere. The attackers have your password and email and probably your commonly used username for like every site on the internet. Don't risk it.
[/olist]

This is like programming 101, use a good salted hash. This is absolutely retarded that we have to go through with this. This is not a small mistake, this is someone who simply didn't know what they were doing potentially screwing over hundreds of users. Really disappointing.[/quote]
i think it was already pretty obvious that a website that gets succesfully ddosed by a highschooler for like a week straight doesnt have people that know what theyre doing running it...
28
#28
3 Frags +
deetrMamboulayAdditionally, the new login system will use hashed passwords, in addition to salting.
They used plaintext passwords? That's scary as hell, I wonder what other sketchy security practices are going on that we won't know about until they are abused.

ESEA isn't much better, they bitcoin farmed their servers for almost 4,000 US dollars. Here's the proof

[quote=deetr][quote=Mamboulay]Additionally, the new login system will use hashed passwords, in addition to salting.
[/quote]

They used plaintext passwords? That's scary as hell, I wonder what other sketchy security practices are going on that we won't know about until they are abused.[/quote]

ESEA isn't much better, they bitcoin farmed their servers for almost 4,000 US dollars. [url=http://www.pcgamer.com/esea-accidentally-release-malware-into-public-client-causing-users-to-farm-bitcoins/]Here's the proof[/url]
29
#29
13 Frags +

wait did UGC just casually tell us that ALL passwords could have been compromised because they didn't bother to store them correctly?

wait did UGC just casually tell us that ALL passwords could have been compromised because they didn't bother to store them correctly?
30
#30
3 Frags +
omnificESEA isn't much better, they bitcoin farmed their servers for almost 4,000 US dollars. Here's the proof

Lpkane even admitted to it.

[quote=omnific]ESEA isn't much better, they bitcoin farmed their servers for almost 4,000 US dollars. [url=http://www.pcgamer.com/esea-accidentally-release-malware-into-public-client-causing-users-to-farm-bitcoins/]Here's the proof[/url][/quote]
Lpkane even [url=http://i.imgur.com/drIs4dA.jpg/]admitted to it.[/url]
1 2 3 4
Please sign in through STEAM to post a comment.