Hi all,

Not sure if anyone here at Habbox uses HabboKingdom but it looks like they had a security breach and their databases were stolen/accessed.

First Announcement:


Welcome back, over the last few hours we have been investigating recent events. Between the hours of 03:00 AM - 03:30 AM somebody accessed one of our admins accounts. We have a list of logs to prove how it was done, however we have not yet got to the bottom of who did it.

It's my duty to protect our users but some of our admins seem stupid enough to have silly passwords on their accounts and not to take any notice of the things i say to keep them safe. During this time @Bri's Habbo account got accessed and a fake HabboKingdom event was created and a link was advertised. We ask that ANYONE who visited that site is to contact me urgently as it is a virus. We have gone and reset all our Admin passwords and accounts. Currently we cannot confirm is our database was downloaded as somebody did SHELL our site and prune to files / database tables. Because the database was accessed we URGE THAT ALL USERS reset their account passwords. If your password linked to any other accounts such as Habbo, Facebook and emails we HIGHLY recommend you reset ALL your passwords and change your forum password to something not connected to them accounts. We are still reviewing the situation and we are putting some other security measures in place to avoid this happening again. Technically just blame @Jordan for giving himself full admin. As a official Habbo fansite we must protect our users and we are very sorry that this has happened. This is a user error by one of our admins what happen anywhere. I'll be making sure this never happens again.

Thread Link: http://www.habbokingdomforum.co.uk/showthread.php?t=9981


Second Announcement:



Important Notice


The Database was accessed through this security breech and passwords WAS leaked. I URGE YOU RIGHT NOW that you reset ALL your passwords if you used a personal password on the forum. You MUST reset your passwords if you used the same password for anything else for example, Habbo, Facebook and most importantly YOUR EMAIL ADDRESS.


Thread Link: http://www.habbokingdomforum.co.uk/showthread.php?t=9981

----

Just thought I'll post this in case anyone here uses their fansite.

This is the main reason why I try not to visit many fansites other than habbox. It's the only one I trust enough to be secure :P. Is habbokingdom official?

This is the main reason why I try not to visit many fansites other than habbox. It's the only one I trust enough to be secure :P. Is habbokingdom official?

Yeah it is

It annoys me that Devy doesn't use a capital I

Always issues at their site

Wow that is just sad... Stupidity of people.

Good thing I've never heard of them, I suppose.

Doesn't seem like a very professional fansite when instead whoever wrote the quote thing blames a list of people before apologising and taking blame themselves.

Also to read the threads linked you need to sign up for their forum. Hell to the no lol.

- - - Updated - - -

'Our databases have been hacked but to find out about this please sign up with us!! =]]]'

and this is exactly why i don't go on any other fansite than habbox.

I don't use fansites anymore, only Habbox. :P luckily enough!

Doesn't seem like a very professional fansite when instead whoever wrote the quote thing blames a list of people before apologising and taking blame themselves.

Also to read the threads linked you need to sign up for their forum. Hell to the no lol.

- - - Updated - - -

'Our databases have been hacked but to find out about this please sign up with us!! =]]]'


I was going to say, and to name them after referring to them as 'stupid'. Such professionalism.

I'm sorry, but by passwords do they mean plaintext passwords, if so.. that's stupid. Otherwise, not much of a biggy.

That's it, name and shame your admins... What an idiot. The owner should take responsibility for what has happened as it's there job to ensure admins passwords are secure and regularly changed rather than just tell them to without checking they have!

I'm pretty sure one of their admins was the owner of that scam room quiz

Haha I know exactly who this was, and to be fair anyone could have done this sooner, their security was terrible.

That's the only forum I use a different password on anyway, I don't trust Devy as far as I could throw him... The amount of time his other fansite was closed and re-opened due to him making retro hotels was stupid. Plus the fact that he used to attempted to DOS any new fansites that opened was just childish. He should be banned from having his fansites made official, he's a threat to everyone.

This is the main reason why I try not to visit many fansites other than habbox. It's the only one I trust enough to be secure :P. Is habbokingdom official?

I'm the same lol, and yes they are official. God knows why!

If passwords are plain text then they should remove all official status.

Sites need to take user security as the most important thing.

Haha I know exactly who this was, and to be fair anyone could have done this sooner, their security was terrible.

That's the only forum I use a different password on anyway, I don't trust Devy as far as I could throw him... The amount of time his other fansite was closed and re-opened due to him making retro hotels was stupid. Plus the fact that he used to attempted to DOS any new fansites that opened was just childish. He should be banned from having his fansites made official, he's a threat to everyone.

Our security is just the same as any other fansite. Also i've no clue who you are and past is past.

We always make security our main priority, however like at any fansite user errors happen. Sadly one of our Admin's got ratted and that is something we cannot stop or control. We warn our staff about rats etc but mistakes happen. The same issue happened to Thishabbo once and many other fansites. This was not because of any exploit within our forum it was a simple user error. Their is not much more any forum can do to secure it because it's all down to the software that is used and what can be exploited.

Our security is just the same as any other fansite.

We always make security our main priority

I don't even have to be working at Habbox to know that security here is much better and more professionally maintained than other fansites.

Our security is just the same as any other fansite. Also i've no clue who you are and past is past.

We always make security our main priority, however like at any fansite user errors happen. Sadly one of our Admin's got ratted and that is something we cannot stop or control. We warn our staff about rats etc but mistakes happen. The same issue happened to Thishabbo once and many other fansites. This was not because of any exploit within our forum it was a simple user error. Their is not much more any forum can do to secure it because it's all down to the software that is used and what can be exploited.

You know exactly who I am if you think hard enough.

Plus, if you do think hard enough you'll be able to know exactly who Ratted your admin.

Also, as mentioned above, why were all the passwords saved in plain text rather than hash? What were you planning anyway?

You know exactly who I am if you think hard enough.

Plus, if you do think hard enough you'll be able to know exactly who Ratted your admin.

Also, as mentioned above, why were all the passwords saved in plain text rather than hash? What were you planning anyway?

The passwords was not saved in plain text! All our passwords are hashed and i'll even double check. When a database is accessed people can decrypt the hash some how. The same happened to a few other fansites including Thishabbo. If you was to find the URL to the leaked database you would see that the passwords are not plain text.

But like i said past is past!

rly glad i chose habbox lol

I dont know if you signed up :S

This site has so many errors all the time, also laughing at it's the same as every fansite... well clearly not because most fansites don't get passwords leaked because they aren't stupid enough to hire stupid people who have stupid passwords etc etc.