Fired for being hacked

[Mathew]

Several people (Ouft and Alkaz come to mind, at present) have been fired lately for reasons beyond their control; they've been hacked. In order to keep Lee's thank you thread relatively tidy, I thought I'd start a discussion. I'd just like to start a discussion about whether this is actually for the best or not, as we all know that people are only "fired" if they are a threat to other Habbox users. But really, are they?

I will use Ouft as the perfect example, following a series of posts made in his thank you thread -> http://www.habboxforum.com/showthread.php?t=709163

I quote:

Yet again, I can't help but find it odd that someone is fired for this. It's not like Lee was out there advertising that he wanted to be hacked and had intention to cause disruption to Habbox. In addition, from the sounds of Kfnx' post, it appears that the work he put into Habbox far outweighs the amount of damage done. David seemed to be able to remove the piece of code in a flash, yet we have a hard-working, "team player with very good bonds" being fired for something which wasn't his fault.

It baffles me why Habbox are firing people when they have actually done nothing wrong. Ouft wasn't out there shouting "hey come embed some dodgy code on Habbox!!" - he was doing his job to the best of his ability, as always. Sadly, it just so happens that he was unlucky enough to be the chosen one to be compromised. Not only is Lee upset that his account has been compromised in the first place (I exaggerate, of course), but he now has to face the disappointment, finding out he's been fired from his role at Habbox.

Some people at Habbox put an immense amount of time and effort into this site and if you're hacked, it's all forgotten about. Gone. Kaput. From reading his thank you thread, it appears that Ouft put in a lot of work and it will be a dint in the department now he isn't there. Surely his contribution to Habbox outweights the short amount of time it took you to remove the problem?

But, there are precautions one can take as to avoid being hacked. We can only do as much as to preach security to staff members. We can't oversee that they're using strong unguessable passwords, secure email accounts, not using desktop sharing, logging into Habbox accounts at public spaces or scanning their computers for trojans.

None of the above would have stopped Ouft being hacked last night. Obviously I don't know the details, but in the event that he clicked a link to someone's tumblr and it just so happened it was dodgy, then you can't "preach" whether staff members click links or not.

Especially when a staff member is hacked and damage is caused we cannot just undo that damage and hand their account and authority back to them, where is the assurance that the same thing wont happen again a week from now? It's just too big a security risk for Habbox to take.

Where is the assurance that the same thing won't happen a month from now, when he's allowed to apply for RV again? Surely if you've been hacked once then you're an easy target for next time, no?

We cannot afford to turn blind eyes or respond slowly to threats.

Gotta give you some credit here for sorting it all out so quickly last night, Dave.

The most thorough way of doing this is often, regrettably, removing the hacked individual's staff role. This is foremost a security precaution but also serves as a sort of lesson to the individual to take security more seriously in the future.

That's rather patronising and I find it quite unreasonable to suggest Habbox's new moral is to teach the wonders of security. Yet again, what's to say it won't happen again in a month?

Thanks,
Matt

[GoldenMerc]

He's got a point as in you need to learn to be able to secure yourself if you've got powers (well to be fair ether way you should be secure) obviously ouft didn't get hacked by a clickjacker as they took his Habbox account, never the less i do feel its rather harsh, I'd personally demote them to the next level down.
Ross

[Inseriousity.]

Hmm yeah the logic behind it has a flaw in it when you know they're allowed back in a month's time. You're essentially just "letting them stay at habbox in the hope they dont get hacked again." So you either fire them and they remain fired forever (which seems rather harsh) or you don't fire them at all!

[Richie]

Of course it is right to fire a staff member if they've been hacked. They can reapply and learn from their mistakes. Don't click links, accept files and be sure to make your password difficult to crack. It's all a learning process, next time they'll be less likely to make silly mistakes and get their accounts compromised. It's different if a regular user is hacked, they don't have any permissions to leak information or to give a hacker access to a part of the site.

[xxMATTGxx]

Several people (Ouft and Alkaz come to mind, at present) have been fired lately for reasons beyond their control; they've been hacked. In order to keep Lee's thank you thread relatively tidy, I thought I'd start a discussion. I'd just like to start a discussion about whether this is actually for the best or not, as we all know that people are only "fired" if they are a threat to other Habbox users. But really, are they?

I will use Ouft as the perfect example, following a series of posts made in his thank you thread -> http://www.habboxforum.com/showthread.php?t=709163

I quote:


It baffles me why Habbox are firing people when they have actually done nothing wrong. Ouft wasn't out there shouting "hey come embed some dodgy code on Habbox!!" - he was doing his job to the best of his ability, as always. Sadly, it just so happens that he was unlucky enough to be the chosen one to be compromised. Not only is Lee upset that his account has been compromised in the first place (I exaggerate, of course), but he now has to face the disappointment, finding out he's been fired from his role at Habbox.

Any user on this forum is responsible for their own account safety. Staff members need to make sure their accounts aren't easy to get into by easy passwords to the accounts/emails/recovery questions and more. I don't like blaming people that they got hacked but sometimes it does involve in the actual user doing small mistakes when choosing their security options on any accounts they may use on the internet.

Some people at Habbox put an immense amount of time and effort into this site and if you're hacked, it's all forgotten about. Gone. Kaput. From reading his thank you thread, it appears that Ouft put in a lot of work and it will be a dint in the department now he isn't there. Surely his contribution to Habbox outweights the short amount of time it took you to remove the problem?

Yes we are aware of that but when damage has been done on Habbox, when it has put users of our site at risk. We cannot let them just get away with it and hope for the best, when they could be hacked the following week and more damage to be done. Any hacked staff member has lessons to be learnt and realise what has happened, how it has happened and how they can prevent in the future. They can always have a job back at Habbox after 30 days and during that time, they should be teaching themselves on how not to get hacked again.



None of the above would have stopped Ouft being hacked last night. Obviously I don't know the details, but in the event that he clicked a link to someone's tumblr and it just so happened it was dodgy, then you can't "preach" whether staff members click links or not.

No but we have warned users and staff members not to click any links they are unsure of and it was reported by other users that they were using other links like tumblr and so on. Again, this is the responsibility of the user.


Where is the assurance that the same thing won't happen a month from now, when he's allowed to apply for RV again? Surely if you've been hacked once then you're an easy target for next time, no?

We are hoping it doesn't happen again, if it does and it's the same person. Something isn't quite right!


Gotta give you some credit here for sorting it all out so quickly last night, Dave.


That's rather patronising and I find it quite unreasonable to suggest Habbox's new moral is to teach the wonders of security. Yet again, what's to say it won't happen again in a month?

Thanks,
Matt

In bold.

But we are not changing on how we deal with staff members when they get hacked and damage has been done to Habbox. Not only that but last nights hacking put a big risk to any user who visited the Habbox website and if it wasn't for David being online at the time and other members spotting it, a lot more damage could of been done and a lot more users would of been targeted.

Of course it is right to fire a staff member if they've been hacked. They can reapply and learn from their mistakes. Don't click links, accept files and be sure to make your password difficult to crack. It's all a learning process, next time they'll be less likely to make silly mistakes and get their accounts compromised. It's different if a regular user is hacked, they don't have any permissions to leak information or to give a hacker access to a part of the site.

Exactly.

[Hayleigh]

Of course it is right to fire a staff member if they've been hacked. They can reapply and learn from their mistakes. Don't click links, accept files and be sure to make your password difficult to crack. It's all a learning process, next time they'll be less likely to make silly mistakes and get their accounts compromised. It's different if a regular user is hacked, they don't have any permissions to leak information or to give a hacker access to a part of the site.

Thing is Richie even one of the highest up members of staff could click a link :S It's not really something you learn from, its targetted at you. You can't always say that someone who has not been hacked, keeps their account more secure that someone that has as its down to badluck if you get hacked or not in some cases.

[Richie]

Thing is Richie even one of the highest up members of staff could click a link :S It's not really something you learn from, its targetted at you. You can't always say that someone who has not been hacked, keeps their account more secure that someone that has as its down to badluck if you get hacked or not in some cases.

That's my point hayleigh, be more secure. Preview a link before you click it, google the website if needs be. There is plenty of security measures people can take, it's just the lazy option of clicking a link and hoping for the best outcome. Bad luck? if that is the case habbox management must be extremely lucky :rolleyes:.

[Gina]

I think they shouldnt be fired I recon its like abit harsh tbh if there really dedicated nd stuff why would they want to click a link
why would they want to get fired
how is it there fault
what if this happend to like someone in a high role of habbox...
They obviously wouldnt have been like
OMG OMG HACK ME PLS I WANNA GET FIRED
would they
I don't think its fair tbh, its there like senior dj lets say just demote them to normal tbh? :S Lee as an example was EXTREMELY dedicated to his department
so was jord when he got hacked as assist hxhd manager..
hardly there fault
Just saw alkaz

[Matthew]

So it's not the users fault if they click a malicious link?
It's not the users fault if they go on a dodgy site?
It's not the users fault ifnthey have a poor password?

Who's fault is it then.. :rolleyes:

I think they shouldnt be fired I recon its like abit harsh tbh if there really dedicated nd stuff why would they want to click a link
why would they want to get fired
how is it there fault
what if this happend to like someone in a high role of habbox...
They obviously wouldnt have been like
OMG OMG HACK ME PLS I WANNA GET FIRED
would they
I don't think its fair tbh, its there like senior dj lets say just demote them to normal tbh? :S Lee as an example was EXTREMELY dedicated to his department
so was jord when he got hacked as assist hxhd manager..
hardly there fault

[Richie]

I think they shouldnt be fired I recon its like abit harsh tbh if there really dedicated nd stuff why would they want to click a link - I don't know but they did.

why would they want to get fired - They probably don't but security should always come first.

how is it there fault - They clicked the link.

what if this happend to like someone in a high role of habbox... - I'd imagine they'd get fired too, if not that's a little contradicting, isn't it?

They obviously wouldnt have been like
OMG OMG HACK ME PLS I WANNA GET FIRED
would they - What the hell are you talking about? no-one is accusing anyone of getting hacked purposely.

I don't think its fair tbh, its there like senior dj lets say just demote them to normal tbh? :S Lee as an example was EXTREMELY dedicated to his department
so was jord when he got hacked as assist hxhd manager..
hardly there fault - It's their fault though, lol. If I got hacked and I was staff I'd be pissed that I got fired but I'd know it's in habboxs best interest. Demoting shouldn't be an option either, they are still a risk. Regular DJs also have access to the radio panel and could leak information like the radio password or upcoming events that management want to keep on the down low.


Everyone on this forum knows 90% of the time I'd disagree with management but jesus you don't have a very strong argument. I wouldn't be fussed about management not firing people after being hacked but it's in my interest as well. If mattg got hacked and my account was compromised or my computer was at risk of being infected i'd be extremely annoyed if he wasn't dismissed. You are putting other users in danger, it's common sense. Security risk = fired.