Habbo security issue (user details leaked!)



Michael
13-09-2013, 03:21 PM
A security issue in our system enabled some accounts' email address and date of birth to be exposed. We have resolved the issue and all accounts remain secure as this data alone does NOT allow access. If you would like to take extra precaution, please change the email associated with your account and be sure to keep your password safe. We take the safety and data security of our users very seriously and sincerely apologize for any inconvenience this has caused.

I wonder what this is to do with, because they haven't really explained themselves fully. What are your thoughts on this? This certainly isn't the first time this has happened.

-http://www.habbo.com/me

lemons
13-09-2013, 03:22 PM
only my 10 year old email and fake d.o.b :)

sex
13-09-2013, 03:29 PM
they are such liars
i bet it's much bigger than they are letting on

GoldenMerc
13-09-2013, 03:33 PM
they are such liars
i bet it's much bigger than they are letting on

yeh agreed, not exactly corrected their issue though. just hid it as usual

edible
13-09-2013, 03:33 PM
Can confirm that it was any account but the person doing it would have had to look for you. All that matters is that you should all change your email as a matter of urgency. I changed mine yesterday when I heard. It was emails, date of birth and other information.

It's disgusting how they didn't make this the news story you first see when you log in although it's clearly the most important. They tried to hide it and put it third. Not ******* surprised as this is the 3rd time in 2 years that our information has been stolen through Sulake incompetence.

edible
13-09-2013, 08:21 PM
Edit: they have now made it the first thing you read when you log on. Should have been done to begin with but better late than never.

MKR&*42
13-09-2013, 09:14 PM
They seem to be really poor with security related issues now right :L

Red
13-09-2013, 09:23 PM
what the hell!! Can never be trusted to keep our details safe. Such a joke.
have like 5 ids and now I have to make 5 new emails. not impressed ;l also my new email won't even verify grrr

Mr-Trainor
13-09-2013, 10:32 PM
Oh wow. Already in discussion with Sulake regarding a previous security issue, and now this happens..

---------- Post added 13-09-2013 at 11:36 PM ----------

If someone was to get your email address, and changed your Habbo password. Would they still have to go through the security lock (the 2 questions)? I hope so anyway, but looks like I'll have to spend half an hour setting up a new email address just in case.

Mr-Trainor
13-09-2013, 11:08 PM
It says my email isn't verified, so I click to send verification email, but the verification email goes to my old email address instead of my new one :S.

---------- Post added 14-09-2013 at 12:12 AM ----------

Nvm, logged out then logged back in and it worked.

Daltron
13-09-2013, 11:29 PM
I feel like there is more to this than Sulake is letting on, ugh this is so annoying and total breach of our privacy. A company this big shouldn't even have opportunity for people to exploit these things..

And I love how they are just trying to sweep this under the rug..

Catchy
14-09-2013, 12:50 AM
I honestly don't even feel safe on Habbo anymore and I'm a grown man... What a joke.

Matt
14-09-2013, 01:18 AM
This isn't the first time things like this have happened though. Talk about making us feel safe when they leave it up to us to ensure our accounts are safe. They should give a real reason as to why it happened and not just cover it up with loads of crap (that takes the blame off Sulake).

sex
14-09-2013, 01:26 AM
I honestly don't even feel safe on Habbo anymore and I'm a grown man... What a joke.

hmmmmmmmmmmmmmmmmmmmmm



but yes someone told me they knew my email BUT DNT BELIEVE IT

Spiffy
14-09-2013, 01:47 AM
Erm, so what's the general consensus? Do we/should we change our email? Has anyone confirmed their accounts being compromised during -this- security loophole?

HC
14-09-2013, 06:16 AM
it's barely been even a year since the last one and I have to make 20 new emails... AGAIN?

---------- Post added 14-09-2013 at 07:17 AM ----------


Erm, so what's the general consensus? Do we/should we change our email? Has anyone confirmed their accounts being compromised during -this- security loophole?

the habbo "Ruby" when this happened last time (around a year ago) had her details exposed. And trust me, it's WAY bigger than they're letting on, I suggest you do as they say and change it especially if you've ever used the help tool.

goofyjadico
14-09-2013, 09:56 AM
Sulake is such a joke. This is definitely bigger than they are claiming.

Spiffy
14-09-2013, 10:53 AM
Yikes, noted & changing my email now.

Yawn
14-09-2013, 10:57 AM
oh god it be a miracle if i remember all these new email addys

Scotland
14-09-2013, 11:00 AM
At least it's fixed now. :)

Mr-Trainor
14-09-2013, 05:52 PM
It's been over 24 hours and they haven't even emailed us to make us aware of the issue! If I wasn't a Habbox Forum user, I may not have even noticed.

alilbitoflauren
14-09-2013, 06:48 PM
Omg, not happy about this. If any of my furni is missing, that is it, I'm going to go up to the Habbo office myself and scream my face off at them all!

Drunq
14-09-2013, 06:56 PM
Wtf hope mine are safeee! Sounds like **** to me they dunno what they're doing nowadays, security

Kyle
14-09-2013, 08:47 PM
Is anybody able to shed a little more light into what has actually happened? Not full specifics but a little more detail would be nice. Was it another faux pas on the zendesk side of things or to do with the client itself? What details were actually exposed? How long was it possible? edible; Shorty; Abdicators;

edible
14-09-2013, 09:22 PM
Is anybody able to shed a little more light into what has actually happened? Not full specifics but a little more detail would be nice. Was it another faux pas on the zendesk side of things or to do with the client itself? What details were actually exposed? How long was it possible? @edible (http://www.habboxforum.com/member.php?u=27747); @Shorty (http://www.habboxforum.com/member.php?u=47534); @Abdicators (http://www.habboxforum.com/member.php?u=98000);
From my limited knowledge: people who were aware of and exploited this security flaw could find the email, date of birth and other registry information. It was unrelated to zendesk / help tool and the client. It could be done by those who weren't even logged into Habbo and/or the client. I don't believe any information was downloadable so unless the handful of people searched for you specifically, you'll be fine.

There was no batch of users that are more at risk than others. Those who knew about the exploit could find information on ANY user.

Therefore, although I don't know as much as a few people on this forum, it is definitely advisable to change your email. This is just what I gather / have been told.

myles
14-09-2013, 09:24 PM
cba to change email

edible
14-09-2013, 09:36 PM
Oh yeah something that in my opinion is important:

When you change email (you definitely should) make a NEW id with your old email.

So say your Habbo name was Habbo and your email was [email protected] and you decided to change it to [email protected], I would make a new ID with the email [email protected]. This is because if anyone made a note of the email you use, they could make an ID with it and send in a help tool ticket saying "I need my name 'Habbo' reset back to this email". Staff will see the email used to be attached to the account and are more likely to do it. Of course, you'll still have access to the email but they might change it before you notice.

As you can tell, I take my safety very seriously. I find it disgusting that this has happened again.

Special
14-09-2013, 10:30 PM
some accounts' email address and date of birth to be exposed.

it wasn't too long ago that this kind of information was all it took to receive someone's password & it would have been anyone's but habbo's fault

edit, i bet habbo sold the details to 3rd parties to earn a bit of extra cash to make up for declining members

Mr-Trainor
14-09-2013, 10:50 PM
Oh yeah something that in my opinion is important:

When you change email (you definitely should) make a NEW id with your old email.

So say your Habbo name was Habbo and your email was [email protected] and you decided to change it to [email protected], I would make a new ID with the email [email protected]. This is because if anyone made a note of the email you use, they could make an ID with it and send in a help tool ticket saying "I need my name 'Habbo' reset back to this email". Staff will see the email used to be attached to the account and are more likely to do it. Of course, you'll still have access to the email but they might change it before you notice.

As you can tell, I take my safety very seriously. I find it disgusting that this has happened again.

Ah, that's a very good point! That must be the one thing I didn't do. Thanks, +rep.

Plutonioo
14-09-2013, 11:09 PM
Is anybody able to shed a little more light into what has actually happened? Not full specifics but a little more detail would be nice. Was it another faux pas on the zendesk side of things or to do with the client itself? What details were actually exposed? How long was it possible? edible; Shorty; Abdicators;
There was a tool that allowed you to see the email and birthday of the account you want. It could be used with Habbo.COM, Habbo.ES and HABBO.COM.BR (if I remember correctly), so by using it you could know the email and birthday of any account.

Me and BelieveMeSafety were the ones who reported it to powertoo at night, she was totally unaware about it and she had no idea what was going on, so we gave her the email she had in her account as proof. We considered the best was to keep it secret as much as we can, so we didn't share it. Fortunately not many people got it, there wasn't a big problem.

You don't have anything to fear at all. Someone only could get the information of your account if he had the tool, and if he used it to check your account specifically.

edible
14-09-2013, 11:35 PM
There was a tool that allowed you to see the email and birthday of the account you want. It could be used with Habbo.COM, Habbo.ES and HABBO.COM.BR (if I remember correctly), so by using it you could know the email and birthday of any account.

Me and BelieveMeSafety were the ones who reported it to powertoo at night, she was totally unaware about it and she had no idea what was going on, so we gave her the email she had in her account as proof. We considered the best was to keep it secret as much as we can, so we didn't share it. Fortunately not many people got it, there wasn't a big problem.

You don't have anything to fear at all. Someone only could get the information of your account if he had the tool, and if he used it to check your account specifically.

However, I know for a fact that people who have replied in this thread knew about this exploit and used it. It was widely used and you are wrong and naive to say "you don't have anything to fear at all". When Habbox users have 100% used it then everyone who uses Habbox / well known on Habbo have every reason to fear.

Abdicators
14-09-2013, 11:35 PM
Is anybody able to shed a little more light into what has actually happened? Not full specifics but a little more detail would be nice. Was it another faux pas on the zendesk side of things or to do with the client itself? What details were actually exposed? How long was it possible? @edible (http://www.habboxforum.com/member.php?u=27747); @Shorty (http://www.habboxforum.com/member.php?u=47534); @Abdicators (http://www.habboxforum.com/member.php?u=98000);

Hey,

Based on communication that was found between the script's author and other "bad" Habbo users, it has been possible for a while. That is not to say however that it has been being used.

The user who found and exploited the bug had not actually divulged its existence to the majority of "bad" Habbo users until around the 11th Sep 2013, there may have been a handful who knew about it prior to that but I believe that group of people will have been very small.

As for more specifics to do with the bug, it was not the fault of Zendesk and was a bug in Habbo's own software. It was quickly fixed as soon as staff really became aware of the issue.

I think the most scary thing is that tied with information that is available after using other tools (such as those on Habbies.nl), one would've been able to collect almost all the information they needed to convince customer support agents that they owned your account.

That being said, a user would've had to target you specifically in order to get your information so unless you were worth more than 90% of Habbos, your account is probably just as secure as always. However if you are worried at all, changing your email would really help you!

It might be worth pointing out, that it is also important to ensure that the emails tied to your accounts still exist and are active. If someone happens to find an email that is tied to your account, and no longer exists, they will be able to create it and from there take ownership of your account. You have to stay on top of that.

Plutonioo
15-09-2013, 01:16 AM
However, I know for a fact that people who have replied in this thread knew about this exploit and used it. It was widely used and you are wrong and naive to say "you don't have anything to fear at all". When Habbox users have 100% used it then everyone who uses Habbox / well known on Habbo have every reason to fear.
I know there were more people that used it, I never said we were the only ones.

What I mean with that is that it wasn't something like a whole list with all the accounts' information. So the "at all" is because someone only could get your information if he specifically wanted to know the information of your account, which the possibilities are not really much.

Do you really think someone could be interested in knowing that kind of information of your account? If so, I'm sorry, I didn't know you were so famous :)

Red
15-09-2013, 01:27 AM
with the amount of times info has been leaked, people practically have all the info they need to use the helptool. I wanna change my dob ugh :llll

edible
15-09-2013, 02:23 PM
I know there were more people that used it, I never said we were the only ones.

What I mean with that is that it wasn't something like a whole list with all the accounts' information. So the "at all" is because someone only could get your information if he specifically wanted to know the information of your account, which the possibilities are not really much.

Do you really think someone could be interested in knowing that kind of information of your account? If so, I'm sorry, I didn't know you were so famous :)

The flaw has been about to exploit for numerous years. It is unclear when it was first exploited as it was only spread to a wider audience recently. As I said, there is someone in this thread who has used it and less than 20 people out of the thousands who use Habbo have replied. That shows how widespread it was. To your sarcastic end comment: yes, I have no doubt I'd be in the top 10 or 20 of Habbos searched. Apology accepted.

Scotland
15-09-2013, 03:03 PM
There was a tool that allowed you to see the email and birthday of the account you want. It could be used with Habbo.COM, Habbo.ES and HABBO.COM.BR (if I remember correctly), so by using it you could know the email and birthday of any account.

Me and BelieveMeSafety were the ones who reported it to powertoo at night, she was totally unaware about it and she had no idea what was going on, so we gave her the email she had in her account as proof. We considered the best was to keep it secret as much as we can, so we didn't share it. Fortunately not many people got it, there wasn't a big problem.

You don't have anything to fear at all. Someone only could get the information of your account if he had the tool, and if he used it to check your account specifically.

ey eye eyyy, i reported this before jake lol

jakey,,
15-09-2013, 03:26 PM
For those that are wondering the information that was leaked from habbo, this is what happened when you searched a user:



Nick: powertoo
Email: ****.*****[a]sulake.com (Clique aqui para buscar no facebook por esse email) (not sharing personal info)
Data de nascimento / birth date: **/***/**** (not posting personal info on habboxforum)
Hash: ************************************************** ***** (asterixing it not sharing personal info)
Status: offline
Criado em / joined: Apr 2, 2012
Missão / motto: Iku-Turso!!!!
Último login / last login: 1 hour ago




Suggestion: if you are worried and the e-mail you had is the e-mail that created your account, contact customer support on https://help.habbo.com/request/new and tell them to disable e-mail changes to your account via customer support. If it's not your original e-mail address you have nothing to fear.
