We're back!

[DarkDude]

It seems some people are a bit aggravated over their lack of tip.it as of late. You want to know why he's repeating himself? Because what he said covers what you need to know. Period. When he says everything, he means EVERYTHING. The information you're looking for isn't going to be on hand by everyone, so to keep targeting him after he's given quite a sufficient answer is just rude.

 

And the whole "You've said that 3 times now" ordeal. Ok, yeah, he did. But he shouldn't have to. You're forcing him to by constantly targeting him for giving the right answer. Just because it doesn't fit your exact desires for a response and isn't fleshed out to hold your hand doesn't mean that you have to bite his head off. Seriously.

 

I didn't ask for anything from him, i asked for information from someone who knows what is going on, like maybe Peter or Puremage. Transparency has been an issue with this site and many have left due to it.

What exactly do you hope to do with this information? How does it possibly benefit you to know exactly which backups were taken?

 

I've repeatedly said we're operating under the assumption that they have access to anything and everything related to this forum going back multiple years. I don't understand why you're so adamant to have specific but ultimately useless information...

 

Multiple Years means absolutely nothing. What is the date is the earliest backup they had access to? How often were backups taken and were these all still stored? The fact that until now it wasn't even stated that backups spanning YEARS was likely to have been taken (which should have been stated right away in the announcement) is ridiculous and needs to be put on the front page of the site ASAP so EVERYONE knows. And if I'd never even asked when would this information have been released, or would it have been kept secret?

 

So does years mean 2004? Late 06? Early 08? September 09? What?

 

There's much more that could be told in top of that but that's just the start.

[spooferfish]

So glad we're back! :) Was kind of rough without the forums.

 

I ventured over to another forum to try and fill the hole Tip.It left in my heart and soul. It was terrible. :( Had to have mod/admin approval for posts, 2 days passed and no approval.. Sad really.

 

Glad to be back here, and we didn't lose anything?

[Psycho_Robot]

From 06 to 07 my TIF password was the same as my Q password. Then in 08 I changed it to my X password. In 09, I changed it to my Y password. In 10 I changed things up a bit and changed it to my Z password. Just a few weeks ago, I changed it to my W password. I need to know what date ranges the hackers had access to so I can change ONLY that account's password. I'd really hate to change passwords that I don't really need to, especially for services where my password has apparently been unchanged for several years.

Edited October 15, 2011 by Siobhana
Edited out the info for you. Don't wish to give people that much info

[Siobhana]

They have had access to our DB. They have had access to our backups. As for which they've taken there is no sure way of knowing, so assume all. Aka, go back and change all those passwords, and for your own safetys sake, use a different one for each place. Get a little black book or something.

[Mdeoxys]

It's good to be back! Thanks to all the people who worked hard to get everything back up and running.

[essiw]

I don't get why there is such a fuss about this. Darkdude asks a question which seems reasonable to me. Then he gets told by Y_Guy the same thing over and over again (we already know your point, there is no need to say it that many times, two times would already been good to make your point). Then some people are going to argue about the people asking the question that they shouldn't do it and be glad with the answer they have gotten. Sorry but I don't get that... Just let the people reply who know the real answer instead of all mods saying the same thing over and over again, they don't want to know that answer so why are you repeating it?

[MageUK]

I didn't realize asking to know what exact information that was compromised was a difficult request. I apologize if I created more work.

 

It's impossible to know unless you could hack the hacker's computer. Hence, why it is to be assumed everything and anything on tip.it and it's databases has been compromised.

 

This is actually true. While we know what was on the servers themselves, it's pretty much impossible for us to know exactly what was taken, and so we have to assume everything was taken. This includes:

IPB Forum database - probably taken between 6th - 10th October

phpBB Forum database - since we don't use this, the date it was taken is irrelevant but it likely covers most of the time phpBB was active (04-05 until we switched to IPB), however it should also be using a more complex hashing method which is more difficult for them to crack (with regards to passwords), but will still contain other information such as e-mails and registration IPs

 

Hopefully that clears up some questions about what was taken, but as far as information goes, that's what we have, they may not have even taken all of that, we just have to assume they have.

 

Why was tip.it hacked? That one mention of tip.it times in the botting newspost?

 

These cheaters are getting ruthless...

 

We were targetted, just like the other fansites recently, because we contain a lot of user information which they can use to try and recover RuneScape accounts, which is why we're trying to push everyone to ensure theirs is secure.

[JakeTheCat]

A warning to all... do a mental survey. Any other websites where you used your email address and the same password? Even casual ones? Might want to change those too, before too much time goes by.

 

My trick. I embed a portion of the website's name in my password. That way, they are still easy to remember but still unique for each site.

[essiw]

Just a question, why where there still databases with old encrypted passwords and e-mails from years ago? Wouldn't it be more save to only keep the last few years?

[Kaida23]

While we know what was on the servers themselves, it's pretty much impossible for us to know exactly what was taken, and so we have to assume everything was taken.

So then pretty much everything obfuscator has been saying was right to begin with. That's the problem with information theft, it's almost impossible to tell what was taken as nothing is actually missing.

 

My trick. I embed a portion of the website's name in my password. That way, they are still easy to remember but still unique for each site.

That's a good idea. I may start doing that myself. :thumbup:

[mcneilp]

Good to have it up and running again. Well done to the admins and crew who've no doubt had a headache with all of this.

[Racheya]

I think it's time for me to overhaul my passwords now. Yes, it's a faff, and annoying, but it's something that needs to be done. If you think a burgalar has a copy of your house keys, you don't leave it to chance - you change the locks.

 

I'm glad to see Tif back :)

[Albel]

Good job admins for all your hard work, so happy to have TIF back :thumbup:

[Aurhora]

*hugs the forums*

[DarkDude]

This is actually true. While we know what was on the servers themselves, it's pretty much impossible for us to know exactly what was taken, and so we have to assume everything was taken. This includes:

IPB Forum database - probably taken between 6th - 10th October

phpBB Forum database - since we don't use this, the date it was taken is irrelevant but it likely covers most of the time phpBB was active (04-05 until we switched to IPB), however it should also be using a more complex hashing method which is more difficult for them to crack (with regards to passwords), but will still contain other information such as e-mails and registration IPs

 

Hopefully that clears up some questions about what was taken, but as far as information goes, that's what we have, they may not have even taken all of that, we just have to assume they have.

 

So they could have multiple copies from 04/05 - September/October 2009 and then one copy from sometime between 6th-10th October 2011? So there's a two year gap where there's been no information for them to take correct? Or do they just have one copy from phpBB taken from when we switched over in 09?

 

Either way that's a lot less severe and pretty much the opposite of "everything in the last few years" where it's pretty much "everything but the last few years"

 

Thanks

[Kaphias]

I am secretly using my h4xing pr0wess to be in ur baes, destroyin yer emailz.

joke plz

[MageUK]

So there's a two year gap where there's been no information for them to take correct? Or do they just have one copy from phpBB taken from when we switched over in 09?

 

It's possible they would have the phpBB copy which covers from 04/05 to 09 and then they definitely have the IPB database which covers 09 - 11 (current).

[DarkDude]

So there's a two year gap where there's been no information for them to take correct? Or do they just have one copy from phpBB taken from when we switched over in 09?

 

It's possible they would have the phpBB copy which covers from 04/05 to 09 and then they definitely have the IPB database which covers 09 - 11 (current).

 

So they have backups from both too? You made it sound like they only had one version of each.

[MageUK]

The years I am quoting is what years the backups cover, not the years the backups were taken in. They had access to a phpBB backup which covered 2004/5 - 2009 and the IPB database which covers 2009-2011.

[Low C]

Thank-you for the reply MageUK. Not sure what the big deal was about divulging that bit of info.

[DarkDude]

The years I am quoting is what years the backups cover, not the years the backups were taken in. They had access to a phpBB backup which covered 2004/5 - 2009 and the IPB database which covers 2009-2011.

 

But if it's a singular copy they've taken then surely they only got the information at the time the backup was taken. So when you say a phpBB backup surely that only contains the emails/passwords from that point in time rather than everything from 04-09. Unless I'm completely misunderstanding what you're saying there was two databases available, one from phpBB (which would be from September 09 when we switched over to IPB if it's the version I'm thinking of, but regardless at one point from 04-09) and then one from IPB this month and that's it.

[MageUK]

The years I am quoting is what years the backups cover, not the years the backups were taken in. They had access to a phpBB backup which covered 2004/5 - 2009 and the IPB database which covers 2009-2011.

 

But if it's a singular copy they've taken then surely they only got the information at the time the backup was taken. So when you say a phpBB backup surely that only contains the emails/passwords from that point in time rather than everything from 04-09. Unless I'm completely misunderstanding what you're saying there was two databases available, one from phpBB (which would be from September 09 when we switched over to IPB if it's the version I'm thinking of, but regardless at one point from 04-09) and then one from IPB this month and that's it.

 

Now I see what you're getting at... your question was a little ambiguous the way I read it.

 

The phpBB backup is from approximately 2009 and would contain all usernames of users that registered 04-09, but only the passwords/emails which were set when we closed the phpBB forum in 09. The IPB backup would be the same, they would have data that was set between 6th - 10th October.

[Sy_Accursed]

So only really 2 backups then, 1 with very old data and 1 with the past weeks?

[MageUK]

We had another backup of the forum stored too on 26th September 2011, but they most likely didn't bother with it.

[DarkDude]

The years I am quoting is what years the backups cover, not the years the backups were taken in. They had access to a phpBB backup which covered 2004/5 - 2009 and the IPB database which covers 2009-2011.

 

But if it's a singular copy they've taken then surely they only got the information at the time the backup was taken. So when you say a phpBB backup surely that only contains the emails/passwords from that point in time rather than everything from 04-09. Unless I'm completely misunderstanding what you're saying there was two databases available, one from phpBB (which would be from September 09 when we switched over to IPB if it's the version I'm thinking of, but regardless at one point from 04-09) and then one from IPB this month and that's it.

 

Now I see what you're getting at... your question was a little ambiguous the way I read it.

 

The phpBB backup is from approximately 2009 and would contain all usernames of users that registered 04-09, but only the passwords/emails which were set when we closed the phpBB forum in 09. The IPB backup would be the same, they would have data that was set between 6th - 10th October.

 

That's exactly what I figured :). The way you said it "covers" a certain time period makes it sound like they'd have all the data from that period of time.

 

That's a lot better scenario then, as they only have two potential passwords (and other set of information) for each user. One from from 2009ish and one from this month. That's so much better than "everything" like it was being made out to be previously.

 

Thanks a lot for the responses. It's worth putting that a backup from roughly 09 was most likely taken too just so everyone is aware of that.