Results 1 to 5 of 5

Thread: Suba Games Forums Hacked

  1. #1

    Default Suba Games Forums Hacked

    I don't represent Suba Games, nor is this an official announcement. I'm just someone who started getting spam emails, and did some snooping.

    Suba Games Forums have been hacked sometime in March. This thread should not be deleted. In fact, Suba Games should take measures right now to protect it's users and educate everyone on what they should do (including changing their passwords on this website, and on all other websites that use the same email address here).

    1. No notices or announcements have been sent.
    2. No forced password changes have been required.
    3. It's very likely that your forum password and sign on password for any games you play are the same.

    How do I know this?
    1. I read the news.
    ::: https://www.ibtimes.co.uk/millions-a...rk-web-1613849
    2. I've verified this.
    ::: https://haveibeenpwned.com/
    3. I've found a .onion (TOR) website selling my information.
    ::: No links, unless you use TOR (which I will be happy to send to admins). I can verify this claim.
    4. People are getting spammed, including myself.
    ::: All emails I use with this website are getting brutally spammed. Your mileage may vary.

    So what's the issue and why should people care?
    1. If no notice was sent, then it's possible Suba Games is unaware of this, and has not updated their forum software. The website and all its information is still at risk.
    2. Depending on what mods Suba Games are using, it is not difficult to pull a plain text password. I've done it before.
    3. Negligence can lead to further damage, and possible legal liability depending on how the situation is handled.

    From The Terms and Conditions
    https://subagames.com/termsandcondition.aspx

    Quote Originally Posted by Limitation of Liability
    Under no circumstances, where permitted by law, including, but not limited to negligence, shall Suba Games be liable to you for any direct or indirect, punitive, special, incidental or consequential damages allegedly sustained by you or any third parties from your use of the service or the content or your inability to access or use the service. Some jurisdictions do not allow the exclusion or limitation of liability for punitive, consequential or incidental damages. In such jurisdictions, Suba Games' liability is limited to the greatest extent permitted by law.

  2. #2

    Default

    I held back on posting this for a very long time to wait and see if Suba Games would take action. This information is already publicly known, and should be handled by the company appropriately.

  3. #3

    Default ok so u were pwned

    ..but how do u know it was via Suba?
    ign: mulatto / livnletdie
    once we were reborn..now we are Legends

  4. #4

    Default

    Quote Originally Posted by PTlooNy View Post
    ..but how do u know it was via Suba?
    I have a unique email address for every website I register with. Technically they're forwarders, I only have one email address. When these forwarders began to get spam, it tells me which email address (forwarder) it was sent to.

    Let's say I have an email with a company called "Domo Inc." it could be 48220195@my.email and I could have an email with a company called "Suba Games" called 85285514@my.email. If I begin receiving spam in one of these addresses, not known to anyone elsewhere, then I know something happened.

    The news only enforced this logic, therefore there must have been a breach or a compromise somewhere.

    Plus, my mail server is located in my basement so there's no way anyone could have access to it since it's only a receiving inbox and not able to make outbound connections. Call me Hillary if you will, but it works. I use Mail Channels for relaying outbound messages.

    My Routing Servers: https://intodns.com/swapdns.com
    My Nameservers: https://www.whatsmydns.net/#NS/swapdns.com
    My Accepting Server: https://www.whatsmydns.net/#MX/larry.email
    Forwarding Server: Private
    My Sending Provider: https://www.mailchannels.com/
    Source Info: https://www.ibtimes.co.uk/millions-a...rk-web-1613849
    You may verify your email here: https://haveibeenpwned.com/
    If you're in Suba Games management, send me an email and I"ll send you a TOR / .onion link to where information is being sold.

  5. #5
    Join Date
    Sep 2009
    Location
    Monterrey
    Posts
    224

    Default

    That's really scary, they haven't even given time to answer you or maybe they don't know how to react on this.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •