[George]

Just so everyone knows, all LimeLight staff have had all their previous staff access rights revoked and even informed FL of any access we did have.

This is certainly an issue at their end.

[evilmat360]

My pass has been changed too.
If you are already logged in, your pass may have changed without your knowledge and but you're still able to remain logged in
Log out and attempt to log in, and you'll find if it's changed.

[Enzyme]

My pass has been changed too.
If you are already logged in, your pass may have changed without your knowledge and but you're still able to remain logged in
Log out and attempt to log in, and you'll find if it's changed.

^
That's what happened to me.

I don't even receive an email when I try to recover my password.
I know that this is an issue that Soul is trying to keep silent, and that his staff isn't really informed about the situation.

I'd advise people to be careful drawing hasty conclusions. It's not proven that Soul or any of his staff-members are behind this, so let's give them the benefit of doubt.

I don't think that Soul would be THAT stupid to purposely attack any LimeLight-members and staff, as that'd cause un-needed drama and further conflict.

Glad to report that our security is still up and in great condition, thanks to our lovely developers and nerds.

[Killjoy]

What I don't understand is why Wood reporting the issue was censored.

[evilmat360]

I'm just hoping that it's down to some of the MyBB updates that soul did and nothing else.

[Adman]

Happened to me and I'm not really part of LimeLight so idk if that's the target. Silencing Wood is dumb as shit though

[bimkx]

well this is fucking annoying :>

edit: just checked not changed here

[Faustie]

I kept a very close watch of security at FL back when I was SA, as my specific role was Head of Security. As such, I can see several possibilities as to what could've caused this.

When I was an SA and had full access to the forum control panel, I set it so that only Soul, Temar, and myself could do many widespread changes; though it was possible for other SAs to modify forums and individual user accounts, I or Temar would almost certainly notice in the logs. However, in order to strip all of my access, it's likely that group permissions were changed and from experience I know that Soul rarely every reviews security logs, and now any SA could get away with changing passwords. If the group settings were changed enough, it's even possible that an admin could do this, but that would be serious negligence on Soul's part. If it is an inside source, those with the access would be Soul, Grub, and likely Mavis.

Of course, it's possible that someone else gained access. Unlike the dedicated server Burnett and I secured, Soul never set any form of IP checks on the adminCP, so if a password was stolen then accessing it would be simple. The forum back-end was also not particularly secure, and there were multiple permissions bugs for months that Soul did not fix despite me mentioning it to him a dozen times. With this in mind, it's possible that this is the end result of permissions bugs being unchecked for months or someone breaking in, as Soul was very negligent in fixing them and had not done so for months despite me notifying him on numerous occasions.

However, that said, I find it most likely that it's someone with authorized access doing this, especially considering certain posts have been wiped in recent days (Wood's post here and another regarding FL content), no announcement has been made warning users to change their passwords manually and guard their data, and Soul has yet to respond to anyone asking about this, yet he was able to speak to me 30 minutes ago about a different issue on Steam.

If this is not someone with authorization but rather a security breach, I think that it is extremely negligent of Soul not to post an immediate announcement, ensure that user's data/IPs are safe, and use the force password-change utility, which would require users to change their passwords on sign-in in case the old ones were stolen somehow. At the very least, Soul should change his own passwords and that of Mavis (if he has access) and Grub (who certainly does) and post an announcement. Without an announcement we can only assume that the e-mail and IP - and perhaps even the password - of every user there is at risk. As such, I would not be surprised if this was intentional by someone high up at FL, but those targeted seems strange.

Of course, it's possible that what's happening is none of the above, and without evidence it is pointless to pin the blame on someone. However, if it isn't a case of someone abusing his power, then I almost certainly think it may be related to security negligence - the lack of an announcement is negligence in itself.

I recommend to all users that, if this issue continues, you should change your e-mail on the FL forums if you don't want it potentially leaked. Better safe than sorry.

[GRiiM]

My pass has been changed too.
If you are already logged in, your pass may have changed without your knowledge and but you're still able to remain logged in
Log out and attempt to log in, and you'll find if it's changed.

Tried this, my password isn't working now either.
What the fuck Fearless.

[GRiiM]

I'm just hoping that it's down to some of the MyBB updates that soul did and nothing else.

If that was the case then people from other communities would be reporting the issue, Google doesn't find anything for me though.

[evilmat360]

Soul's reply on the situation.
"It's not your password that's changed, it's just broken. It happened after the MyBB 1.8.5 update. Nobody changed it. Simply press forgot password and a link will be send to your e-mail address to change it."

[bimkx]

posted a reply to his reply asking why he suppressed wood.
>gets supressed

hahahaha he's lying through his teeth

EDIT: Ok guys, never ever question Soulripper!


can somebody please reply to the post asking why i was permanently banned from posting just for asking a question?

EDIT 2: Turns out he shadow banned me c':
Can't even like posts

[Faustie]

There have been no other reported incidents of a 1.8.5 update causing this. The fact that several people have now had their posting rights permanently revoked (they sent me evidence of this) for questioning Soul's statement leads me to believe that all may not be as it seems. Please be very cautious with your personal information on the FL forums; I do not currently believe that it is entirely safe.

That said, there is currently no proof about what is behind this. While personally think that the site is currently unsafe, I could very well be wrong, and I will not be posting about this on the FL forums as I do not wish to cause drama there.

[Preditor]

Aye happened to me as well. Not sure who it is but Soul seems really fishy about it.

[Aviator]

This is what I was thinking Faustie.

I'd have thought and expect any security breach, even if it turns out false, to have proper precautions taken place to safeguard people's details. In fact, I'm not sure why I even have to say that, because it's just common sense.

I've never heard of such thing as "broken passwords" in my life, and browsing the MyBB support website shows no other customers experiencing that. Even if there was a problem with passwords, I would expect MyBB to fix it and issue warnings to people or not even let it get to the stable release.

I think it's better to be safe than sorry to be honest. I feel this is extremely negligent that these problems could persist multiple days without a peep.

Let's see how it pans out.