fuckmachine#BringBackRobinWilliams2015
yes that is my highlander team
yes that is my highlander team
IS IT A SPOOF OR SOMETHING REAL? Cause if it is real then :D
http://i.imgur.com/twyNDzu.png
the plot thickens
the plot thickens
I see someone followed the same business classes as ESEA did. Fingers crossed they pass the finals!
Whoever sent that message can't do any more damage. All hands are on deck trying to sort this out.
I'll try to keep this thread updated with our announcements, as well as emailing UGC leaders and posting on our forums. Bear with us please!
I'll try to keep this thread updated with our announcements, as well as emailing UGC leaders and posting on our forums. Bear with us please!
smoboWhoever sent that message can't do any more damage. All hands are on deck trying to sort this out.
I'll try to keep this thread updated with our announcements, as well as emailing UGC leaders and posting on our forums. Bear with us please!
do you know what may be the cause of this?
I'll try to keep this thread updated with our announcements, as well as emailing UGC leaders and posting on our forums. Bear with us please![/quote]
do you know what may be the cause of this?
THEBILLDOZERhttp://i.imgur.com/twyNDzu.png
the plot thickens
damage control
the plot thickens[/quote]
damage control
This Site Is In Maintenance Mode, updating.
Go To UGC Forums
Go To UGC Forums
Most site functionality is up again, but login stuff for team owners may not work yet. You should be able to play 6v6 matches tonight unhindered, just add the other team on steam, and if you need something you would normally use match comms for, talk to an admin.
smoboMost site functionality is up again, but login stuff for team owners may not work yet. You should be able to play 6v6 matches tonight unhindered, just add the other team on steam, and if you need something you would normally use match comms for, talk to an admin.
If you have any issues please talk to Smobo, he's very lonely
If you have any issues please talk to Smobo, he's very lonely
If your official email was compromised what guarantees do we have that our login info wasn't compromised as well?
KanecoIf your official email was compromised what guarantees do we have that our login info wasn't compromised as well?
oh no my ugc login
oh no my ugc login
fatswimdudeKanecoIf your official email was compromised what guarantees do we have that our login info wasn't compromised as well?
oh no my ugc login
Well u might not be concerned but some people do share login information between different sites, and even then, last time I checked, ugc not only has your email stored but the profile page now also has twitter/fb/youtube/twitch links if u updated those, you can do a lot of stuff with that kind of information. So yes, if all that was compromised I would appreciate to know it happened .
oh no my ugc login[/quote]
Well u might not be concerned but some people do share login information between different sites, and even then, last time I checked, ugc not only has your email stored but the profile page now also has twitter/fb/youtube/twitch links if u updated those, you can do a lot of stuff with that kind of information. So yes, if all that was compromised I would appreciate to know it happened .
Earlier today, at 15:54 EST, an unauthorized party gained access to a UGC admin account and sent an email to approximately 400-500 team leaders. Ten minutes after the email was sent, our Admin Panel was taken down as a precautionary measure. The whole ugcleague.com domain, as well as the ugcleague.net domain, on which our Forums are hosted, were taken down shortly afterwards. Early investigations indicate that the unauthorized party had access to our Admin Panel for a period between 30 and 60 minutes. Only the UGC Admin Panel was breached. We have no indication of the attacker gaining access to our database.
During that time-frame, the attacker might have had access to leader passwords. There is no available data dumps or massive download features embedded in the Admin Panel. Any access to leader passwords, if any, was done one at a time. Team Leader passwords are a series of alpha-numerical & special characters auto-generated by the UGC website. However, if you changed the auto-generated password to a custom one or if you use the auto-generated password on other services, we recommend that you take precautionary measures by changing them.
Our developers have been hard at work since the breach this afternoon and are currently implementing additional security measures to the Website. Among other things, passwords have been invalidated and leaders will be required to input a new password upon their next login. Additionally, the new login system will use hashed passwords, in addition to salting.
The past few weeks have not been easy for UGC, however, we wanted to thank you for your continuous support and understanding.
Have a good evening,
UGC Admins
During that time-frame, the attacker might have had access to leader passwords. There is no available data dumps or massive download features embedded in the Admin Panel. Any access to leader passwords, if any, was done one at a time. Team Leader passwords are a series of alpha-numerical & special characters auto-generated by the UGC website. However, if you changed the auto-generated password to a custom one or if you use the auto-generated password on other services, we recommend that you take precautionary measures by changing them.
Our developers have been hard at work since the breach this afternoon and are currently implementing additional security measures to the Website. Among other things, passwords have been invalidated and leaders will be required to input a new password upon their next login. Additionally, the new login system will use hashed passwords, in addition to salting.
The past few weeks have not been easy for UGC, however, we wanted to thank you for your continuous support and understanding.
Have a good evening,
UGC Admins
MamboulayAdditionally, the new login system will use hashed passwords, in addition to salting.
They used plaintext passwords? That's scary as hell, I wonder what other sketchy security practices are going on that we won't know about until they are abused.
[/quote]
They used plaintext passwords? That's scary as hell, I wonder what other sketchy security practices are going on that we won't know about until they are abused.
you stored plaintext passwords. I can't even...
a little guide for you guys if you ever want to store passwords in plaintext:
- 1. don't
2. just don't
3. use a strong hash like sha-2
4. like seriously don't
5. i meant it when i said to not store them in plaintext
6. really just dont
EVERYONE WHO HAS EVER ENTERED A PASSWORD INTO UGC EVER
- 1. Change your password now like it will make you do
2. Put in a password that you will not use anywhere else. They have potentially screwed you over pretty hard.
3. Go change your password anywhere you've used it elsewhere. The attackers have your password and email and probably your commonly used username for like every site on the internet. Don't risk it.
This is like programming 101, use a good salted hash. This is absolutely retarded that we have to go through with this. This is not a small mistake, this is someone who simply didn't know what they were doing potentially screwing over hundreds of users. Really disappointing.
a little guide for you guys if you ever want to store passwords in plaintext:
[olist]
1. don't
2. just don't
3. use a strong hash like sha-2
4. like seriously don't
5. i meant it when i said to not store them in plaintext
6. really just dont
[/olist]
[b]EVERYONE WHO HAS EVER ENTERED A PASSWORD INTO UGC EVER[/b]
[olist]
1. Change your password now like it will make you do
2. Put in a password that you will not use anywhere else. They have potentially screwed you over pretty hard.
3. Go change your password anywhere you've used it elsewhere. The attackers have your password and email and probably your commonly used username for like every site on the internet. Don't risk it.
[/olist]
This is like programming 101, use a good salted hash. This is absolutely retarded that we have to go through with this. This is not a small mistake, this is someone who simply didn't know what they were doing potentially screwing over hundreds of users. Really disappointing.
AndKennethyou stored plaintext passwords. I can't even...
a little guide for you guys if you ever want to store passwords in plaintext:
1. don't
2. just don't
3. use a strong hash like sha-2
4. like seriously don't
5. i meant it when i said to not store them in plaintext
6. really just dont
EVERYONE WHO HAS EVER ENTERED A PASSWORD INTO UGC EVER
1. Change your password now like it will make you do
2. Put in a password that you will not use anywhere else. They have potentially screwed you over pretty hard.
3. Go change your password anywhere you've used it elsewhere. The attackers have your password and email and probably your commonly used username for like every site on the internet. Don't risk it.
This is like programming 101, use a good salted hash. This is absolutely retarded that we have to go through with this. This is not a small mistake, this is someone who simply didn't know what they were doing potentially screwing over hundreds of users. Really disappointing.
i think it was already pretty obvious that a website that gets succesfully ddosed by a highschooler for like a week straight doesnt have people that know what theyre doing running it...
a little guide for you guys if you ever want to store passwords in plaintext:
[olist]
1. don't
2. just don't
3. use a strong hash like sha-2
4. like seriously don't
5. i meant it when i said to not store them in plaintext
6. really just dont
[/olist]
[b]EVERYONE WHO HAS EVER ENTERED A PASSWORD INTO UGC EVER[/b]
[olist]
1. Change your password now like it will make you do
2. Put in a password that you will not use anywhere else. They have potentially screwed you over pretty hard.
3. Go change your password anywhere you've used it elsewhere. The attackers have your password and email and probably your commonly used username for like every site on the internet. Don't risk it.
[/olist]
This is like programming 101, use a good salted hash. This is absolutely retarded that we have to go through with this. This is not a small mistake, this is someone who simply didn't know what they were doing potentially screwing over hundreds of users. Really disappointing.[/quote]
i think it was already pretty obvious that a website that gets succesfully ddosed by a highschooler for like a week straight doesnt have people that know what theyre doing running it...
deetrMamboulayAdditionally, the new login system will use hashed passwords, in addition to salting.
They used plaintext passwords? That's scary as hell, I wonder what other sketchy security practices are going on that we won't know about until they are abused.
ESEA isn't much better, they bitcoin farmed their servers for almost 4,000 US dollars. Here's the proof
[/quote]
They used plaintext passwords? That's scary as hell, I wonder what other sketchy security practices are going on that we won't know about until they are abused.[/quote]
ESEA isn't much better, they bitcoin farmed their servers for almost 4,000 US dollars. [url=http://www.pcgamer.com/esea-accidentally-release-malware-into-public-client-causing-users-to-farm-bitcoins/]Here's the proof[/url]
wait did UGC just casually tell us that ALL passwords could have been compromised because they didn't bother to store them correctly?
omnificESEA isn't much better, they bitcoin farmed their servers for almost 4,000 US dollars. Here's the proof
Lpkane even admitted to it.
Lpkane even [url=http://i.imgur.com/drIs4dA.jpg/]admitted to it.[/url]