Board closure

This site uses cookies. By continuing to browse this site, you are agreeing to our Cookie Policy.

  • Mrdavid wrote:

    Xy. wrote:

    We were not affected?
    From what I saw in files, there are users emails, IPs, full names, jobs and other RL details from apps (including mine too).

    Doubt we all wanted to share it around.
    Xy., as Kevlar stated, this was from the first or "former" leak's conclusion after GameForges investigation and is different than what happened this past weekend.
    It was easy to find which account was hacked and what access it had. Logged sessions from ACP would tell you all.

    It happened 4th of August, based on date of files.

    So some third part had access to all our info for over an month and we didnt know anything nor GF or staff even tried to inform us about problem. US staff (BAs and GAs) are responsible for data leak more than GF. Funny investigation did nothing and you decided to stay quiet about all of this, now trying to make censorship and pretending you didn't know anything.
  • It does appear that the information was obtained when the last data breach happened in August. This was of course not known and we simply can not tell you things that we are not aware of. The Board Admins are limited to what we can see, so we were unable to investigate as far as Gameforge was. The information we received was limited and insignificant initially. We did not keep you in the dark, there was just no reason to believe that there was a breach in any way.

    Passwords were advised to be changed (by me) by only a few isolated accounts, and asked to be changed by all as a precaution. To be more specific, there was a specific short time table between when we received the information and which accounts were active. If I remember correctly only about 6 accounts were active who had access to the information. All 6 accounts were checked and no breach could be determined at that time.


    Board Admin/ GO - Ogame.us
    SMOD - Ogame.se
  • GF, why no action taken?
    there was data leaked in august, the staff was sure of this as shown by their own writing. they reported this to Grimnir, who then looked into it and concluded there was nothing to be found. He made all personal data be moved to admin, but did not take it serious - he didn't even reply to the thread, did not have personal data removed. If a BA account was hacked as is suggested on twitter and .org, then you knew very well that this was the case if you checked. this leak showed us nicely all log-ins are saved. so it is an easy lie, you did either not investigate any possible breach or one comprised account is not what happend. I hope you realize how serious lying about this is.
    why save such data at all? why put it at a volunteer forum? why not encrypt this? why not black out the personal data?
    dont even try to hide this behind ignorance, there are clear guides about this issue and that all info should be made anonymous because of GDPR. it was done to maybe 1 thread I found, all others not. these forums are ran by volunteers who are famous for not knowing what to do and pointing fingers to GF when it gets difficult. you should have monitored this better.

    you also chose to not notify us. only reason you can do that is if it was unlikely IP and email got leaked, as these are personal data and a right to be kept secure. as I said before, if it was 1 account being 'hacked' (whatever you may mean by that) then you could see the different log-ins. so this is not what happend or you didnt do proper research in august, shame on you either way.

    -staff
    out of all places this could happen, it happend at .us.
    The only thing different from this community is the staff.
    Players are bitter in each place and in each game.
    Volunteer staff is everywhere.
    Is this caused by the 'unique' staff .us has?

    please, just take some responsibily here. I have clearly written why this is GFs mistake.
    however:
    you knew what acp looked like, and;
    you knew what security was there (none after using pw) and;
    there was absolutely nothing done by GF to let you think they took this issue serious (we checked, found nothing, change pw and move data up a level of volunteers) and;
    you saw the new laws about making data anonymous and you did not do this. and;
    you are all volunteers with no training or experience in this field.

    so just admit that you are incompetent when it is about GDPR, that you messed up big time, and that you arent ready to handle my personal data without proper guidance of GF.

    ''we just followed orders and reported our every move since august'' is a very weak answer. for months you told us GF did not listen to your requests and was not involved in small .us, the one and only reply back to your report in august then proved this was the case again, no involvement again. you had moral obligation to escalate this problem. you didn't. shame on all of you that knew ACP.
  • myth wrote:

    ''we just followed orders and reported our every move since august'' is a very weak answer.
    While it might be a weak answer, if true then it mostly saves them from legal action.

    The same can't be said about GF, especially given the close to zero and misleading transparency they have displayed regarding the extent of the breach.

    The post was edited 1 time, last by Blood Dancer ().

  • myth wrote:

    this leak showed us nicely all log-ins are saved. so it is an easy lie,
    This is incorrect, all log ins are not saved.

    myth wrote:

    why save such data at all? why put it at a volunteer forum? why not encrypt this? why not black out the personal data?

    dont even try to hide this behind ignorance, there are clear guides about this issue and that all info should be made anonymous because of GDPR. it was done to maybe 1 thread I found, all others not.
    "active" things are still saved, and fresh bans and information are still accessible. After a certain amount of time we are to make everything anonymous. The board staff seldom has any personal info saved here as the board itself saves everything we need. Any information that hasn't been "blacked out" is still an ongoing investigation or process. Most personal data that was leaked however was within the system itself and not inside threads.

    myth wrote:

    you also chose to not notify us. only reason you can do that is if it was unlikely IP and email got leaked, as these are personal data and a right to be kept secure. as I said before, if it was 1 account being 'hacked' (whatever you may mean by that) then you could see the different log-ins. so this is not what happend or you didnt do proper research in august, shame on you either way.
    As already stated, not all logins are saved. I cant go into detail about how it works, but the information just isnt there. I wish it was trust me. At the time It did not appear that his account was breached in any way.

    myth wrote:

    -staff

    out of all places this could happen, it happend at .us.
    The only thing different from this community is the staff.
    Players are bitter in each place and in each game.
    Volunteer staff is everywhere.
    Is this caused by the 'unique' staff .us has?
    Players trying to get access they shouldn't have is nothing new. You of all people should know this. Perhaps it isnt the unique staff, but rather the unique community. In any event, there was a weakness with an admin account that was exploited (password I assume) 1 account hardly qualifies as the "staff"

    myth wrote:

    there was absolutely nothing done by GF to let you think they took this issue serious (we checked, found nothing, change pw and move data up a level of volunteers)
    I cant speak about what they did or honestly what they have access to. That is something they will need to answer to.

    myth wrote:

    you saw the new laws about making data anonymous and you did not do this. and;

    you are all volunteers with no training or experience in this field.
    This was already explained our anatomize process. Any information saved is likely an ongoing investigation and is needed until the case is closed. After it is closed, the information is redacted.

    myth wrote:

    so just admit that you are incompetent when it is about GDPR, that you messed up big time, and that you arent ready to handle my personal data without proper guidance of GF.
    again I have explained the process we follow as outlined by our COMA. You are free to discuss these issues with the COMA via ticket.

    myth wrote:

    'we just followed orders and reported our every move since august'' is a very weak answer. for months you told us GF did not listen to your requests and was not involved in small .us, the one and only reply back to your report in august then proved this was the case again, no involvement again. you had moral obligation to escalate this problem. you didn't. shame on all of you that knew ACP.
    Im not sure how knowing about ACP would help here for us. We are limited to what we could see and again can not see log ins. Every time you make a move in ACP it is logged sure, but at the time it was reported there was nothing inside ACP to indicate there was a breach.


    Board Admin/ GO - Ogame.us
    SMOD - Ogame.se
  • so no drama on other boards? really myth? not that it matters but anyone can explore .org or any other server and see plenty of drama. nice try but this is hardly unique to .us where players attack staff for every reason with or without cause. now this breech is unique to .us thankfully. i wouldnt wish that on any game board. funny you would side with whomever did this, the ones who pushed out all your info, instead of being mad at them. that you cant place on staff brother.

    again, for more deep answer have to come from GF. i dont have some secret access to get thid. im curious as anyone about this. but its GF board, game, and company. Not much I can do in a way to force their hand. Ive been down that road ;)

    the cold hard parrot truth..
  • OK guys...I’m not techie, or really understanding what occurred or the significance of this. Clearly you all do understand and have decided it was mishandled. Please give me a beginning to end summary of events. Correct what I’ve got wrong. Here’s what I’m understanding.
    Someone, an employee or X-employee or X-volunteer accessed information on players and staff. On players it’s Email addressss and IPs. On staff it also is information from their applications to GF to be Volunteers. No credit card or financial information was accessed. The person or persons who did this compiled the information into an email and distributed it via Email to players in .us along with an anonymous email blaming volunteer staff in .us. In response to that email being distributed to players, GF shut down the boards for the weekend. The breech of information actually occurred last month and GF was aware. GF did not send a message to players to change passwords or informing them that their email addresses may be subject to spam or compromise. To this day, GF has not sent an email explanation.

    Does that sum it up? Is there something I’m missing?
  • Gabby wrote:

    OK guys...I’m not techie, or really understanding what occurred or the significance of this. Clearly you all do understand and have decided it was mishandled. Please give me a beginning to end summary of events. Correct what I’ve got wrong. Here’s what I’m understanding.
    Someone, an employee or X-employee or X-volunteer accessed information on players and staff. On players it’s Email addressss and IPs. On staff it also is information from their applications to GF to be Volunteers. No credit card or financial information was accessed. The person or persons who did this compiled the information into an email and distributed it via Email to players in .us along with an anonymous email blaming volunteer staff in .us. In response to that email being distributed to players, GF shut down the boards for the weekend. The breech of information actually occurred last month and GF was aware. GF did not send a message to players to change passwords or informing them that their email addresses may be subject to spam or compromise. To this day, GF has not sent an email explanation.

    Does that sum it up? Is there something I’m missing?
    Pretty much sums it up
  • emails and ips seem harmless but some people use their real names in emails, i.e. first initial last name or vice versa. Someone could easily search your general location go to fb and use process of elimination to find even more personal information.

    I dont believe this is a situation to attack staff as their info has been leaked too, and can be used against them by any hateful players. But I disagree with how this whole situation is being taken care of, staff should know more and be able to answer simple questions without players having to submit a ticket to a now very busy coma.
    Thx DISASTER to this amazing sig! :evilgrin: :spiteful:
  • it is very simple.
    1. In august there was a breech. it got reported and nothing was found.
    2. Both knew that they can't find who logs in what account.
    3. Both staff and GF did not do anything to protect players.

    4. email send on friday.
    5. we cant hide breech, its is not also send around. lets notify.
    6. that thingy in august is unrelated, we responded friday on friday's isolated breech.
    it is a very weak story and poor play to suggest these two werent related.

    im not siding with whoever did this and no, not out of all people I should know players try to get info they shouldn't have.

    no idea what you are on about DP. I said players being bitter is everywhere, so no, not unique here. volunteer staff defending GF no matter what, yes that is unique. did you see .org? they arent like this. even their coma taking more responsibility than you and .us is where the breech actually happened.

    what makes me upset with staff is what i wrote before and what kevlar just taught me:
    - you know of info on boards and their automatic savings
    - you know of a breach of those savings
    - you know no logs are saved to determine who did this
    - you know there was little to no involvement of GF

    am i blaming .us staff for it? am i siding with whoever did this? no not at all. but just because someone else is a bigger problem, doesnt mean you arent one as well. you all played a role in this and all are to blame. hacker most of all ofcourse, but what happend there is pretty clear already, what happend on GF and staff side (who should help us and be team with us) is unclear, thats why i only adress that.
  • myth you have always attacked staff and typically make it personal with them. you have had conflicts with admins in the past and that stinks. hell i think even you being staff and then not being staff is included in what was released. so yea that sucks. my drama when i left as BA is all there to. so we are not alone.

    forgive me not hearing you clearly. you and i have always gotten along but let me be clear, i wont disclose what i dont know. i wont guess, or even make an educated guess. What GF releases is what ill repeat. Im not their whipping boy, im simply not going to make the situation worse by adding my personal and possibly unfounded thoughts to the matter. its a serious matter and should handled as such.

    it would be easy to tell staff to close ranks. hell im personally approving the posts here so i can try to address them. why .org is openly discussing more is in their lane. their coma is doing that and is within his duties to do so. our coma has posted more on this board and will again im sure.

    the cold hard parrot truth..
  • myth. We aren't pawning off anything, pointing fingers or putting any blame on anyone. We are doing as we are told. This is how we were told to handle it and that is what we will do. To reflect on what DP said, we aren't going to guess especially on information we aren't sure of. COMA himself said to direct specific concerns within the ticket system so you can get a direct specific answer back. It's easy for another community to be so open about the issue at hand when they aren't the community that was effected.

    We all know it sucks. As Sera mentioned, some peoples personal emails that are used contain their name. I can sympathize for every single one of you. You have right to be angry and be owed an explanation. Each of us have given info as clear as we can about this subject. I am sorry that it may not be what you want to hear or completely answer your question or ease your concerns. If you need a better explanation other than what this community's staff is giving you, then you are advised to submit your ticket and it will be directly sent to OUR Community Manager who may better assist you.
  • Myth, I should add that I or BAs qbilities reflect what I said. I am unsure about what COMAs or higher can do. I feel like we are explaining the best we can with as much information as possible, but we all have to understand that we can not guess about information or assume things as this could become a legal issue. The facts are pretty cut and dry on this. At this point, the community has heard the entire story posted by me. If you are unhappy about the software, practices, annoucements or anything then it's best to adress that in a ticket so coma can see it for sure and respond.


    Board Admin/ GO - Ogame.us
    SMOD - Ogame.se