DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Empire Minecraft [NOTICE] Staff Information Data Leak

Posted on September 15, 2016 by Dissent

Krysyy wrote:

Dear EMC Community,

It has come to our attention that one of our Staff Team member’s accounts was recently compromised. A banned player with malicious intentions utilized a Staff member’s account and accessed staff confidential information. Some of you may have already been aware of this, due to the player’s not-so-subtle temp and permabans of some players. After analysis and information gathered, we have determined the full extent of the breach and are sharing it with you, the community so that you are aware. Please note that this was a Moderator account and as such, certain details were not made accessible to them at all. Information such as player registration email, private chat, etc are only accessible to the Senior Staff and above and was not compromised. And even if it was a Senior Staff account, we made security improvements after the last incident to lock the admin panel down to an IP white-list to avoid future data deletion as had occurred.

We are initiating a Zero Tolerance policy with regards to this issue. Note that the inquiry into, or the sharing of, the private information as it was leaked, is grounds for an immediate and permanent in-game and site ban, as well as further legal action if deemed necessary.

The player that was involved has already been handled, but may be reaching out via Skype or other social media to share this information. Do not give them the recognition that they seek by continuing to share it or giving them credit by name.

Data that was accessed and downloaded includes the following:

Staff Google Drive:

  • Contact Sheet
    • Emails for all staff members
    • Phone numbers for some staff members (Note: Harassment is a criminal offense and the police may be involved if this occurs)

Staff Threads:

  • An Explanation and a REALLY Thorough Guide (The Staff Guide/Moderator Handbook)
  • All Vote Appeal Polls
  • Security Breach and Good Password Practices (Player had access for a little longer than we initially thought and saw the thread where we instructed staff to change their passwords)
  • Multiple Stream Team Guide Threads

Staff Tool – Square:

  • The Front page and Reports against tab in a static page – All Staff Members as well as some players. Players will be notified in a private conversation if their information was accessed.
    • The Front page includes the most recent IP and Staff Notes for each player, time on the Empire, rupee balance, token balance, experience totals, and residences owned at the time of download.
    • The Reports Against tab Includes all reports made against the account through the /report feature
  • IP Ban List
  • Derelict Protection Account List
  • Watch List for the Moderator Account Accessed
  • One page of recent Staff Events
  • One page of recent Staff Notes
  • One page of recent session logs (Players will be notified if their information was present on this page)
  • The Square dashboard at the time of the access

Given when this player first started harassing us, we took the effort to get all staff to review their password policies, to choose stricter passwords, and to enable 2-factor authentication where they can. The issue was purely due to bad password policies (password re-used that was also used on another service that was compromised and their passwords published)
While 2-factor authentication would have helped some here, the proper course of action is to ensure staff has unique and complex passwords. We will explore 2-factor authentication on the entire forum login level, but given the complexity to add that, it might take some time. A good password is the best first step, and 2-factor is just a fail-safe.

If anyone has any further questions, please send a pm to pmss.emc.gs in order to discuss. One of our Senior Staff or Krysyy will respond.

Category: Breach IncidentsBusiness Sector

Post navigation

← Someone just lost 324k payment records, complete with CVVs
“Fancy Bear” Release More Confidential Athlete Data; WADA Confirms →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Rewards for Justice offers $10M reward for info on RedLine developer or RedLine’s use by foreign governments
  • New evidence links long-running hacking group to Indian government
  • Zaporizhzhia Cyber ​​Police Exposes Hacker Who Caused Millions in Losses to Victims by Mining Cryptocurrency
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Google: Hackers target Salesforce accounts in data extortion attacks
  • The US Grid Attack Looming on the Horizon
  • US govt login portal could be one cyberattack away from collapse, say auditors
  • Two Men Sentenced to Prison for Aggravated Identity Theft and Computer Hacking Crimes
  • 100,000 UK taxpayer accounts hit in £47m phishing attack on HMRC
  • CISA Alert: Updated Guidance on Play Ransomware

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act
  • 23andMe Bankruptcy Judge Ponders Trump Bill’s Injunction Impact
  • Hell No: The ODNI Wants to Make it Easier for the Government to Buy Your Data Without Warrant
  • US State Dept. says silence or anonymity on social media is suspicious

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.