If you used the same password that you use for BYOND when you made your character, I strongly advise you to change your password immediately. Hikato has all of those passwords, and has already logged into a few people's accounts. The server is no longer up, and Hikato may or may not use those passwords to do some evil bidding. Please change your password immediately, and I apologize for his stupidity.

Once again, sorry that Hikato is a password thief, and I'm sorry that I forgot to give you fair warning in the original post.
There's a way around this. Use password encryption in the accounts/p field of the realmd database. :) Probably a bit late now though. What core database were you guys using?
Hikato was hosting the Ascent server using HyperBYOND. The passwords aren't encrypted in the database, so he just went in there and looked at the password beside everyone's name.
Ascent is icky. You should use MaNGOS. :) And use someone that isn't a complete retard to host your server, hehe.
Ascent's better than MaNGOS in my opinion. Less buggy, anyway, and easier to work with.

Hikato didn't go out of his way to obfuscate the account passwords. That in and of itself isn't necessarily bad, so I can't fault him for that. When he started logging in to other people's accounts with the information, though, that raises a red flag.

Mikau, GDT, and I (the three appointed GMs) really dropped the ball on this, though. We knew Hikato doesn't follow the same standards of conduct most people do, and we knew that the passwords weren't hashed, but we didn't push the point on new players. Some people didn't know at all. That's as much our fault as it is Hikato's, and I apologize for that.
I can't believe people would use their regular password on a server like that. Especially their BYOND password.
And that's why I always tell people anything to do with HyperBYOND is untrustworthy.
Wow, I don't think I saw this coming! Not at all! I mean, it's not like he hasn't pulled a similar stunt before, no siree.

Evre wrote:
Mikau, GDT, and I (the three appointed GMs) really dropped the ball on this, though. We knew Hikato doesn't follow the same standards of conduct most people do...

I'm not concerned about you not telling the players as much as why the hell you still let him in that position in the first place, if you already had doubts about the guy. You dropped the ball way before Hikato started logging into anybody else's accounts.

"He's not exactly trustworthy but we're going to trust him with your information anyway."
Good thing my password was 'lolitscheetoz', I saw this coming. :D
Yeah, I didn't create an account with that, but I sure as hell wouldn't have used one of my normal passwords. Any service provided by a BYOND member is a service I use a password nothing like my BYOND Key or email addresses that BYONDers know. It's just common sense.
I never joined because Hikato was running the server. :P

Boo @ HyperBYOND, digitalBYOND for the win!
you have to admit, to outsiders, this is pretty epic lulz.
I admit nothing!
Are you surprised Mikau? I honestly have no idea why you trusted him in the first place.
who the hell uses the same pass for everything
Trunks Master wrote:
who the hell uses the same pass for everything

According to most studies, most people. Sad as it is.
Trunks Master wrote:
who the hell uses the same pass for everything

Considering I probably log in to fifteen or twenty separate sites a week on average, I do. It's stupid to expect someone to memorize a unique password for every account. Keeping a text or written document is just as bad, because not only do you have to deal with the hassle of digging it up and hiding it when you're done, you have to worry about someone else finding it.

The reasonable compromise is to use two or three passwords in rotation, with a fourth throwaway used for suspicious sites. That's what I do, and that's why Hikato.com got a throwaway password.
I still don't see why Hikato wouldn't take it upon himself to hash all passwords anyway.

That's what I would have done. Save me from myself.
GoodDoggyTreat wrote:
I still don't see why Hikato wouldn't take it upon himself to hash all passwords anyway.

That's what I would have done. Save me from myself.

Because Hikato is an opportunist. Give him an inch and he'll take several yards. I would have bet money that he was never interested in security in the first place, because if he was then he would have informed Mikau or anybody, not use those passwords to log into player accounts.
Sarm wrote:
GoodDoggyTreat wrote:
I still don't see why Hikato wouldn't take it upon himself to hash all passwords anyway.

That's what I would have done. Save me from myself.

Because Hikato is an opportunist. Give him an inch and he'll take several yards. I would have bet money that he was never interested in security in the first place, because if he was then he would have informed Mikau or anybody, not use those passwords to log into player accounts.

He did inform Mikau.