Sign up Login
Store
Players Online: 5.9k
Info
Rules Staff Discord
Support Suggestions Forums Client
Forums Announcements Badlion's Recent "Unauthorized" Access
Subscribe
Badlion's Recent "Unauthorized" Access

Posted on 13 July 2017 - 02:52 PM

I'll start off by this was just a simple mistake that was overlooked by us, and no data was stolen nor was anything accounts compromised.

—–

About 30 minutes ago, some of our internal security monitoring systems (including ArchyAI to the volunteer staff), notified us of a potential compromise of the Badlion systems. The full security team of Badlion and a few ESL/TEO employees immediately (within seconds) were dispatched and the problem was identified within a minute. Since the issue was able to be contained to a small breach due to our security systems, we did not have to shut down the whole network and just the NA UHC servers.

We recently upgraded our UHC boxes and during the setup, we mis-configured our firewall rules which would allow players to spoof as any account. This firewall mess up also allowed them to bypass our server sided two factor authentication, which allowed them to do nothing more but change ranks, chat, and issue bans/mute punishments (not even IP bans were doable).

They had no database access, no access to personal information, no website access, and no access to anything besides the above three things.

We literally have a button that can undo bans and other commands in the case of hacked staff accounts, but by the time we had locked down the UHC boxes the network staff had already cleaned up all the bans for us as they were also on top of the situation due to ArchyAI notifying them.

The issue has been fixed within minutes but sadly we had to cancel the UHCs that were running on the boxes to guarantee that all connections were killed. We also are going to be implementing more redundancy into the security systems to prevent even mess ups within the firewalls and other security flaws.

~Archy
 23
PM Link

Posted on 13 July 2017 - 03:20 PM

ok
 5
PM Link

Posted on 13 July 2017 - 03:25 PM

Automatically Deleted
 1
PM Link

Posted on 13 July 2017 - 03:46 PM

Badlion on top of their shit
 9
PM Link

Posted on 13 July 2017 - 04:06 PM

baritonesax wrote

Badlion on top of their shit
 0
PM Link

Posted on 13 July 2017 - 04:19 PM

grEAT
 0
PM Link

Posted on 13 July 2017 - 04:28 PM

Glad to hear it's fixed.
 0
PM Link

Posted on 13 July 2017 - 04:43 PM

thats why all the discord channels were updated
 0
PM Link

Posted on 13 July 2017 - 04:53 PM

niCE
 0
PM Link

Posted on 13 July 2017 - 05:39 PM

they way you guys handled it makes MineHQ look like a bunch of rookies
 9
PM Link

Posted on 13 July 2017 - 06:51 PM

I know who breached you
 0
PM Link

Posted on 13 July 2017 - 08:08 PM

Automatically Deleted
 0
PM Link

Last edited on 13 July 2017 - 08:13 PM by Genocado

EhhThing wrote

Azl0 wrote...


Who?


 0
PM Link

Posted on 13 July 2017 - 08:17 PM

And found another one

 1
PM Link

Last edited on 13 July 2017 - 10:55 PM by GlueEater22

.
 0
PM Link

Posted on 14 July 2017 - 03:24 AM

SporkHandles wrote

they way you guys handled it makes MineHQ look like a bunch of rookies
How? MineHQ handled it fine imo..
 0
PM Link

Posted on 14 July 2017 - 10:46 PM

Thanks Archy and Dev Team
 0
PM Link

Posted on 14 July 2017 - 11:11 PM

SporkHandles wrote

they way you guys handled it makes MineHQ look like a bunch of rookies
handled It fine, fucking idiot lmao
 0
PM Link

Posted on 15 July 2017 - 12:02 AM

Vykz wrote

SporkHandles wrote...

handled It fine, fucking idiot lmao


unprofessional
 2
PM Link

Posted on 15 July 2017 - 01:49 AM

Vykz wrote

SporkHandles wrote...

handled It fine, fucking idiot lmao


you're toxic :(
 0
PM Link