Discussion - Data Breach Notification for TF Dev Server

  • This is a Minecraft server. And I'm hearing the words "Information Commissioners Office" and I'm honestly both laughing and wondering why this is being taken so seriously.

    Honestly, if this was a credential server leak, why are we giving regular OPs, some we have no idea who they are, access to, one, being a developer and, two, an entire arsenal of information in the dev server? The application process is so simple. Anyone can literally become a developer. And how easy is it to steal someone's code and mess around with it to make it look like yours, put it on a portfolio, and apply? If this was an admin they need to be indefinitely suspended and permanently banned. Shame on them.

    And if it was a permissions issue, shame on the development team for not looking entirely into the plugin fully that caused this issue when it was added. TF is filled with bugs. I hope quality assurance gets better. Maybe get a group of dedicated testers and make them quality assurance. That's my two cents.

  • Quote

    @Ivan#17421 This is a Minecraft server. And I'm hearing the words "Information Commissioners Office" and I'm honestly both laughing and wondering why this is being taken so seriously.

    Because it's a legal requirement for anyone in the UK regardless... Data which is legally protected by GDPR as PPI Data is legally required to be reported to the ICO if a leak is believed to have taken place that may be a GDPR Violation.

    There isn't any further info I can provide for the other points you've made.

    Wild1145

    Network Owner at TotalFreedom

    Managing Director at ATLAS Media Group Ltd.

    Founder & Owner at MastodonApp.UK

  • i shit you not, i woke up with 20-25 dms telling me to moderate shit. and people telling me there's an issue or images being spammed or some shit

    today seemed to go fucking crazy when i was just trying to fucking get sleep. mental tho

    assrix, assryx, asterisk, *

    awesomeist tf blokey

  • @Madea#17443 No. Shouldn’t be a way. Links in chat, if you click on them, can only really access tokens in your cookies. SSH connections in no way should be compromised, as they have nothing to do with your browser.

  • Quote

    @Fleek#17447 Verify the link and if it is, let a discord mod/admin know so they can delete it from the chat and ban them.

    I was able to look in my history to find the pastebin link, but upon looking in the discord to find who sent it, I couldn't find them. If you want the link to look further, PM me on discord as I don't want to display it here.

  • So, I know some things about data breaches, but most are caused by brute force attacks... If this was an abusive admin, it's not a data breach, it's a leak. Data breaches are likely to have passwords in them, so if any admins haven't changed their passwords already, please do for the sake of security.

  • Quote

    Then quite frankly that shows how little you understand cyber security and an approach to risk. It is an attack vector, same as SSH, same as SFTP, same as the bots. They're all viable attack vectors, and it's about managing that risk in a sane and sensible way. The panel introduces a lot more risk than anything we've done before, with a net gain of zero, so it feels like a pretty poor setup...

    • Ryan

    TF still gets hacked without a panel 😱😱. But I thought you had the credentials and were better than everyone else.

    What a joke

  • @Telesphoreo#17455 From what the initial investigation has shown, your entire post has nothing to do with the breach. This would have happened with or without a panel.

    User credentials to the server (as I said on the original notification) were used; those credentials would have been used either way. If anything, a panel may have put us at greater risk if that user had panel access and was using poor password management there, but we will never know.

    Either way your entire post is just a waste of time, aimed at stirring the pot. I've made as much info as we currently know public (despite having no legal reason to need to do so at this time) so maybe read that post before making statements on here that have no actual relevance to the conversation.

    Wild1145

    Network Owner at TotalFreedom

    Managing Director at ATLAS Media Group Ltd.

    Founder & Owner at MastodonApp.UK