http://www.nu.nl/tech/3500845/online...tonen-lek.html
it's in dutch and the translate is pretty sure so i won't post it all. i remember seeing this posted n another site where he was trying to sell it before a few years ago (if it was him) lolHans Schröder and a friend in 2011 discovered a weakness in the help system of Habbo Hotel. Who create an account at the hotel will automatically receive a login for the help system. But who is an account in the help system had been automatically as an employee of Habbo Hotel and was labeled with all information of users.
"You could at data from 15,000 people who will help tickets had created. Then saw your username, email address, title of the message and the content," says Schröder to Nutech. "You could just export all information. Here you can properly abuse it and that had to be reported."
Results 1 to 10 of 25
-
15 Year Old Dutch Boy Sued after discovering exploit in Habbo Help Tool!
-
It's really worrying when even children can discover an exploit in such systems lmao.
Good news about the sueing though./
-
Well, did not expect this at all. Been a while since that happened.
-
15-06-2013, 02:46 PM #4
poor guy
#CutForHans
-
15-06-2013, 03:12 PM #5
Didn't understand half the translate but sounds like Habbo ****** up... again... lol.... :|
-
I think Sulake are playing with fire here. I was affected by the leak with personal info stolen. I had preliminary discussions about opening a legal case against Sulake which I won't discuss in detail. The information stolen here led to me being harassed at work, at home and over social media. I almost lost my job as a consequence of what people were able to do with my personal data. If I had lost my job, I would have undoubtedly taken decisive action.
Anyway, under the Data Protection Act Sulake are expected to do the following:
- Encrypt any personal information held electronically that would cause damage or distress if it were lost or stolen - they didn't.
Therefore, the rights of the individual in the same act states that:
- A right to claim compensation for damages caused by a breach of the Act.
Essentially, Sulake are expected to take measures to keep their systems secure. Okay, so the obvious argument is that it is Zendesk and not Sulake. However, Sulake are still legally responsible. They chose to remove their internal system and out source it to Zendesk. This decision ensured that a 15 year old boy could access thousands upon thousands of emails, phone numbers and credit card information.
They can sue people but they should have taken a lot more responsibility than they did. They never told me my information was stolen which also breaks the law. I had contact with Sulake staff in Finland who made it pretty clear they knew parts were stolen but did not know what, when or how. All of which I have email proof of.
If this game wasn't played mostly by teenagers who don't understand how dangerous this loss of information could be then they would have been sued and fined as and when it happened.
-
15-06-2013, 03:42 PM #7
-
they got anything you submitted to the help tool lol. how didn't you hear of this!
Originally Posted by e5
-
15-06-2013, 03:53 PM #9
I did hear it but like I dunno if they got passwords or not
Originally Posted by sex
-
This guy pretty much has it in the bag. They're aware that the leak happened, but are still unsure of what exactly was leaked. Similar incidents have happened before, and Sulake do have meetings over this. Originally Posted by edible
From a leaked presentation about a similar incident a number of years ago, it's apparent that they chose not to alert users as to not cause a ruckus and distress within the hotel, this itself is a poor choice as if they made the choice based on that this time, then they've broken laws.
Sulake did a bad thing here!
Reply With Quote
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts