Follow Us On:  
  •   Vote For Us:  

Results 1 to 4 of 4
  1. #1
    Server Developer Aso's Avatar
    Valcyn

    Join Date
    Dec 2014
    Location
    US
    Posts
    1,858

    Website Vulnerability

    Hello Reckoning Community,

    I have discovered our previous version of vBulletin (the forum software) had a security flaw that was actively exploited by unknown perpetrators. To be totally transparent, I want to make sure all of our users have an idea of what was stolen and leaked online.

    Your Reckoning username, the email associated with your account, and your hashed password have been leaked online. I want to stress that it was your encrypted hashed password that was leaked, not your actual password. Out of an abundance of caution, we will REQUIRE all users to change their password. If you used the same password anywhere else, we suggest you change it immediately.

    I do apologize about this because security is one of our biggest concerns. There are a lot of bad people out there in this world that have the know how to do bad things to good people. Things are getting bad out there now and hoped to avoid this, but we've been targeted as well. Not even the biggest companies can avoid it.
    Last edited by Aso; 05-14-2017 at 12:22 AM.

  2. #2
    Server Developer Aso's Avatar
    Valcyn

    Join Date
    Dec 2014
    Location
    US
    Posts
    1,858
    Website is now enabled. Please report any bugs with our custom stuff (portal, support system, donation system, etc...).

    The security flaw is now completely patched.

  3. #3
    Server Developer Aso's Avatar
    Valcyn

    Join Date
    Dec 2014
    Location
    US
    Posts
    1,858
    Changes going forward:

    • The forum software will be upgraded as soon as a new version is released, regardless of how long it takes to integrate our custom changes/themes. One of the reasons we were running a few versions behind was compatibility with our customizations. That is no excuse when it comes to security, so it'll be done regardless of the website downtime it might cause. Better safe than sorry.
    • User passwords will now expire once a year. May reduce this to 6 months.
    • When changing a password, you will not be able to use one that you have used within the last 90 days.


    With an ever increasing dangerous digital world (just read recent news), it is imperative that we do our part to keep our user data safe. While our forum software was the culprit, I share the partial blame for not staying 100% up to date with the latest versions. Give one opening in today's world and you become a victim.

  4. #4
    Server Developer Aso's Avatar
    Valcyn

    Join Date
    Dec 2014
    Location
    US
    Posts
    1,858
    You may notice that you cant login to the game. The password change system was not hashing the passwords correctly for use with SWGEmu Core3.

    To fix this, go to:
    https://swgreckoning.com/profile.php?do=editpassword

    Change your password again. I've made it so you can enter the same password you just used when changing it the first time. This will refresh the password correctly in the game database.

    Sorry about the error. Things tend to get screwed up with website upgrades.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •