Posts by wild1145

    @Luke#17494 Wouldn't make a difference if an ssh account is compromised, which we believe so far is what happened here, and server file access was needed so the devs could do testing.


    Linux also logs all logins and durations anyway so I have all that info.


    A panel, if anything, as I say may have caused more issues if the individual whose SSH creds may have been used were then the same as a panel, at which point they could in theory have done damage to live services as well. That's sorta the point.

    @Telesphoreo#17457 I would encourage you to show the full context of the quote then. My point was that you were clearly not knowledgeable in the area you claimed to be in, and based on your argument here that hasn't changed. Your argument was a panel was more secure, it wouldn't have made any difference at all in this context.


    An investigation is still under way, and when I have more info and we know what actually happened then feel free to judge, but right now I don't believe you or anyone else has enough data to make an informed statement, much less what your claims are.

    @Telesphoreo#17455 From what the initial investigation has shown, your entire post has nothing to do with the breach. This would have happened with or without a panel.


    User credentials to the server (as I said on the original notification) were used, those credentials would have been used either way. If anything a panel may have made us at greater risk if that user had panel access and was using poor password management there, but we will never know.


    Either way your entire post is just a waste of time, aimed at stirring the pot. I've made as much info as we currently know public (despite having no legal reason to need to do so at this time) so maybe read that post before making statements on here that have no actual relevance to the conversation.

    Quote

    @Ivan#17421 This is a Minecraft server. And I'm hearing the words "Information Commissioners Office" and I'm honestly both laughing and wondering why this is being taken so seriously.

    Because it's a legal requirement for anyone in the UK regardless... Data which is legally protected by GDPR as PPI Data is legally required to be reported to the ICO if a leak is believed to have taken place that may be a GDPR Violation.


    There isn't any further info I can provide for the other points you've made.

    Added clarification as follows

    Quote

    For clarification, we are notifying everyone about this potential breach as a copy of Freedom-01 was cloned to the dev server some time previous in order to give the dev team a realistic non-prod environment to test against. It is also important to note that the vast majority of this information has previously been made public through historic archiving / publication of the server files.

    I wanted to let folks know that we are currently investigating a data breach on the Dev-Freedom-01 Server. We have been made aware of a leak published.


    We are still performing a full investigation into the data which has been leaked, but current indications would suggest that it was isolated to the developer server, and was accessed using one of our dev team's credentials.


    From the initial review of the data, we've been able to narrow the breach down to being not before March 31st 2021 at 22:19 UTC, and not after April 3rd 2021 at 01:02 UTC.


    We are currently investigating if any PPI Data has been included in this leak, and where appropriate will be working with the Information Commissioner's Office when we have confirmed if a GDPR breach has occurred.


    For clarification, we are notifying everyone about this potential breach as a copy of Freedom-01 was cloned to the dev server some time previous in order to give the dev team a realistic non-prod environment to test against. It is also important to note that the vast majority of this information has previously been made public through historic archiving / publication of the server files.


    I will keep people informed via this thread as we establish further information.


    There will be a separate thread open to discussion, but I will say that until further information is established the dev team and others involved in the investigation have been asked not to disclose any further information for the time being, especially as this will potentially require some coordination with external organisations if this does prove to contain any personal information.


    We have suspended access to the dev server through a network and service suspension to prevent access. This server will remain suspended pending the outcome of the investigation, and once concluded the server will be fully destroyed.


    I thank you all for your understanding, and would like to stress that this appears to be isolated to the dev server, and we have no reason to believe that any other servers have been compromised, and the account which we believe to have been compromised on the dev server was not a valid account on any non-dev servers.

    Given I probably banned you for being annoying based on the ban reason I object. I've seen no reason on this thread that would suggest the ban was not fair or valid, or that you have any intention of changing.

    @UnderTails#17306 It's a full-on network party system, there's a suggestion somewhere / moaning thread where people demanded it be disabled.


    Feel free to raise a thread suggesting it to be enabled, more than happy to toggle it on if people won't take me out and shoot me for it...

    @videogamesm12#17245 It'll be because the more plug-ins we have to customize and maintain the harder it is to keep the server running.


    We're barely keeping up with tfm maintenance and upgrades... In this case I agree it made a lot more sense for us to build it into tfm rather than a 3rd party, especially when it hooks into a bespoke and custom economy system...

    @StevenNL2000#16696 I've updated the release notes now to remove that line.


    As has been stated though, this is fully intentional behaviour of the FreeOP Servers.