CM Announcement cm New Hosting server-we need your feedback

When this problem first arose this morning, I was 'logged in' to many accounts across my computers. Including MaxD and NeilW. I was not able to access anywhere, it would log me out or throw up a security error. Likewise when people contacted me, having been logged in as me. For instance Mark at 32Red. I asked him to access my inbox and he was unable to.

yeah, was looged in to your account as well
but said I dont wanna read private info
but this guy's PMs I could read and did as there were no sensitive info and just wanted to see if I can
IMG_1921.JPG
 
main site seems much faster, forum seems about same'ish as it was before (although i havent been on here much the last couple hours so haven't had much time to tell). But
certainly the main site is much quicker (can tell its much quicker from before, as checking it out lots with the cm comp and other stuff was quite slow at times:) )
 
what is happening ??????????
it's to bad for it to be a 1st of April joke as I had acces to lots of PMs that were not mine

and who had acces to my PMs ?????


Your third message down in your inbox - the Nigerian stud is a fake picture and don't send him the $1485 air fare he wants in order to visit you in Helsinki - it's a SCAM! :eek2::thumbsup:

The Italian one further down seems more genuine.
 
Your third message down in your inbox - the Nigerian stud is a fake picture and don't send him the $1485 air fare he wants in order to visit you in Helsinki - it's a SCAM! :eek2::thumbsup:

The Italian one further down seems more genuine.

nooooooo
just no.
dont ruin a girl hopes ....
BBC was on my to do list now all my hopes and money are gone :mad:

ps. BBC means BBC News folks
 
I have nothing to hide.. but yeah this isn't cool :eek::confused:

here you are, sorry! as said I only wanted to see if I can actually read somebody's PMs and as you had meiseter's PMs opened one of them for my own curiosity.
yeah, not cool at all....
and seems that data breach now means '''unexpected' behaviour so that's that :thumbsup:
 
here you are, sorry! as said I only wanted to see if I can actually read somebody's PMs and as you had meiseter's PMs opened one of them for my own curiosity.
yeah, not cool at all....
and seems that data breach now means '''unexpected' behaviour so that's that :thumbsup:

We could spin it positive and call unexpected behaviour, "interesting new feature"... :)
 
FWIW there was no "data breach" in the sense of getting hacked or whatever. It was a tech issue on the server-side where a particular version of their software glitched with a particular version of our software and produced those "account ghosting" issues. We've thoroughly investigated the post and access records for all of the Admin level stuff and nothing unexpected happened there, it seems the Admin level was and remained secure.

The vast majority of ghosted accounts were unable to do anything, they got "Security error" pop-ups and were automatically logged out. Obviously that wasn't true in all cases but the Dunover thing seems to have been the exception not the rule.

I'll update further if and when we have more info to share.
 
FWIW there was no "data breach" in the sense of getting hacked or whatever. It was a tech issue on the server-side where a particular version of their software glitched with a particular version of our software and produced those "account ghosting" issues. We've thoroughly investigated the post and access records for all of the Admin level stuff and nothing unexpected happened there, it seems the Admin level was and remained secure.

The vast majority of ghosted accounts were unable to do anything, they got "Security error" pop-ups and were automatically logged out. Obviously that wasn't true in all cases but the Dunover thing seems to have been the exception not the rule.

I'll update further if and when we have more info to share.

How many member accounts were compromised?
 
Are you saying that someone did manage to use your account, but you couldn't?


Yes, steveh35 was able to send admin a PM from my account when he visited the forum. I accessed the site and came up with Webczas and could have done the same with that account presumably, but I just shut the browser down immediately. On the admin side we can see our account access data and mine was accessed 4 separate times in a 5-minute period all from the same person, could have been refreshing their browser to see if error went. Nobody else. It appears that each member randomly got access to an account, but only ONE unique account. So whomever got your account would seemingly get it next time they visited too but not a different one. Unless anyone knows otherwise?
 
How many member accounts were compromised?

That's very difficult to say. Since the login appeared as someone else it's difficult to know who was logged in as themselves and who ended up being logged into one of the account "ghosts".
Current estimate is around a dozen, between 3 and 11 am.
As mentioned the accounts were mostly not "compromised", they were logged out after trying to do anything and getting the "Security error" pop-up.

... Unless anyone knows otherwise?

My understanding (if I recall correctly) was that that was not the case. One of the admins, for instance, ended up getting two or three different "ghost accounts" over the course of several hours and multiple logins.
 
Last edited:
Probably worth mentioning that only users that logged in between those hours had the potential to be "ghosted" by another user. So if you hadn't logged between the hours the glitch was active -- currently believed to have been between 3am and 11am -- then you could not have been "ghosted" and there's no need to be concerned about the safety of your account.

FWIW I was one of those who logged during those hours and nothing whatever happened to my account. Those who got it reported the "Security error"/logged-out scenario.

If you were one of those who logged in during those hours it would be prudent to change your password, just in case.
 
Hey @colinsunderland , as Maxd Mentioned was something between 3 and 11am, but ONLY Logged users during this period could be "suffered" this Security Issue. Only Users with Admin Privileges ( me, Casinomeiser, and other CM Staff) had access to some restricted areas inside CM. Currently we have checked using other Internal Admin tools to see if someone has commited some infraction. Please if you have any other doubt about this issue or you're experiencing some Issues with the Forum, send us an email and we will check: tech@casinomeister.com
 
Rather than members sitting and crying about security breaches here lies a lesson on internet safety for us.

When I use a forum I approach it as if I expect it to be seen by someone at some point. Be it a hacker, a moderator or Bryan.

I would never say anything in a pm that I wouldn’t say to someone’s face. Nor share personal data that could lead to someone using my info for fraud. We don’t register here with detailed contact info.

I guess that’s why VSteam insist that details are sent in an email to them.

Why are people stressing about it and using GDPR references? It’s a forum not a blooming bank or gaming account.
 
Last edited:
FWIW we moderators can't see your PMs, not that we'd want to. Bryan might be able to -- having the Grand Poobah privileges that he does -- but I'm not even sure of that.
 

Users who are viewing this thread

Meister Ratings

Back
Top