Graal Forums


ffcmike 05-10-2016 03:23 AM

Staff Account Security Issues
 
Due to recent compromises of Graal's databases there appears to be a strategic effort to gain access to playerworld staff accounts; for example, on Classic there has been unauthorised access to two staff accounts in the space of one week (fortunately no RC logins or damage caused).

I would suggest that all playerworlds:
  • Remove inactive (or pointless) staff from RC
  • Remove all but the latest IP range from each staff member
  • Request that all staff change their Graal password and use the client computer lock system
  • Request that all staff change their associated email address password (as it is known that some used this password for their support center account)

(if they haven't already)

Starfire2001 05-10-2016 06:41 PM

Gee, so this wasn't just a UN problem. Who would have guessed?

Also, for the record, the last UN staff member who got their account stolen claims he was using the client computer lock system, so I'm not sure if that's not working or what.

ffcmike 05-10-2016 06:49 PM

Quote:

Originally Posted by Starfire2001 (Post 1738993)
Gee, so this wasn't just a UN problem. Who would have guessed?

It could well be random hoardings of accounts, but even then the fact that remote control now only lists servers you are staff on makes it easy for the culprits to identify what servers they could potentially access.

Quote:

Originally Posted by Starfire2001 (Post 1738993)
Also, for the record, the last UN staff member who got their account stolen claims he was using the client computer lock system, so I'm not sure if that's not working or what.

Is it known for certain that they didn't have the email address compromised?

Starfire2001 05-10-2016 06:56 PM

Quote:

Originally Posted by ffcmike (Post 1738994)
Is it known for certain that they didn't have the email address compromised?

No, not known for certain. Assumed it was the db leak, but very possibly could have been email I suppose. He wasn't able to get his account restored, and I only got his story through someone who knew him, so can't ask now.

Urahara112 05-11-2016 01:55 AM

It's crazy how people of this community have to take lead here to keep people and servers safe, rather than the actual "Graal Administrators" taking time to make these logical suggestions.

MysticalDragon 05-11-2016 08:04 PM

Quote:

Originally Posted by ffcmike (Post 1738983)
Due to recent compromises of Graal's databases there appears to be a strategic effort to gain access to playerworld staff accounts; for example, on Classic there has been unauthorised access to two staff accounts in the space of one week (fortunately no RC logins or damage caused).

I would suggest that all playerworlds:
  • Remove inactive (or pointless) staff from RC
  • Remove all but the latest IP range from each staff member
  • Request that all staff change their Graal password and use the client computer lock system
  • Request that all staff change their associated email address password (as it is known that some used this password for their support center account)

(if they haven't already)

Since his information is a little inaccurate, I'll correct the portion that is. Toonslab Support Database leak had nothing to do with accounts being compromised. The Toonslab Registered account list is separate from the player account. However when the database was leaked only the registered accounts (Not the passwords) and the email name used to register the account.

fowlplay4 05-11-2016 10:55 PM

Quote:

Originally Posted by Starfire2001 (Post 1738993)
Gee, so this wasn't just a UN problem. Who would have guessed?

Also, for the record, the last UN staff member who got their account stolen claims he was using the client computer lock system, so I'm not sure if that's not working or what.

Their email being compromised usually goes hand in hand with their Graal account being compromised as well so that system is a bit useless since they could just approve the new computers.

It wasn't really announced but there is a system in place now that requires you to set up 2FA (Google Authenticator) in order to use RC and approve IP range additions, which should prevent compromised active staff accounts from gaining access.

This was implemented after the whole UN ****-storm though.

ffcmike 05-12-2016 02:06 AM

Quote:

Originally Posted by MysticalDragon (Post 1739002)
Since his information is a little inaccurate, I'll correct the portion that is. Toonslab Support Database leak had nothing to do with accounts being compromised. The Toonslab Registered account list is separate from the player account. However when the database was leaked only the registered accounts (Not the passwords) and the email name used to register the account.

Who said this is all down to the support center database? :noob:

MysticalDragon 05-12-2016 09:47 AM

Quote:

Originally Posted by ffcmike (Post 1739004)
Who said this is all down to the support center database? :noob:

You said recent compromises of Graal's databases? Only database that was compromised was Toonslab. So I assumed that's what you were referring to.

ffcmike 05-12-2016 12:48 PM

Quote:

Originally Posted by MysticalDragon (Post 1739007)
Only database that was compromised was Toonslab.

I won't argue as I don't know any specific details, but I was under the impression that multiple databases were compromised, possibly one within the last week or so.

Urahara112 05-12-2016 02:34 PM

Quote:

Originally Posted by MysticalDragon (Post 1739007)
You said recent compromises of Graal's databases? Only database that was compromised was Toonslab. So I assumed that's what you were referring to.

It's not good to make sudden assumptions.

MysticalDragon 05-12-2016 04:05 PM

Quote:

Originally Posted by Urahara112 (Post 1739009)
It's not good to make sudden assumptions.

I had the right to assume since that's the only database that got compromised.

MKnance 05-13-2016 09:42 PM

Honestly, what if the PWA's accounts have been compromised? Just sayin', it's possible; most of the globals are inactive these days, their accounts are probably easy targets by now.

ffcmike 05-14-2016 06:39 AM

Quote:

Originally Posted by MKnance (Post 1739013)
Honestly, what if the PWA's accounts have been compromised? Just sayin', it's possible; most of the globals are inactive these days, their accounts are probably easy targets by now.

There are only 3 official global staff, and at least one other global staff whose existence hasn't been published.

It's a valid point though, it wasn't so long ago where a former higher-up account was compromised in an unpredictable capacity. Luckily the culprit had no malicious intentions.

ffcmike 05-22-2016 02:55 PM

Just discovered that a compromised account was disabled after the owner changed their password :oo:.


All times are GMT +2.