NOTICE SECURITY NOTICE - everybody read

Please remember to regularly review your security - not just on this site, but the Internet in general. Here are some tips:

• Use STRONG passwords (long - numbers, uppercase characters, lowercase characters AND symbols)
• Use DIFFERENT passwords on different sites
• Use two-step verification
• Change your passwords REGULARLY
• Your data is potentially at risk on any site for which you create a login. CHECK to see if you're on any leaked databases

You can turn on two-step verification here. I would recommend using the app as your e-mail can be hacked! If you must use e-mail verification, make sure you DON'T have the same password for the site as your e-mail!

I'd highly recommend entering your e-mail at www.haveibeenpwned.com to see if you are on a compromised database. These include MAJOR sites like Myspace, LinkedIn, Adobe, Dropbox and quite a few gaming sites.

Here is a guide to making strong passwords, with a handy generator.

It has come to our attention that there have been numerous users logging in from shared IP addresses. This is quite possibly a malicious login - perhaps where someone has gained your information from a leaked database. You REALLY need to change passwords to any site listed on the above link, and make sure you don't use the same password for your e-mail, PayPal, eBay, Amazon or ASSEMbler accounts!

We may have to start banning some of these suspicious proxy addresses, which would result in some users being affected. Ultimately, you shouldn't need to use a proxy to access the site. If your company blocks access to the site, remember you're supposed to be working on company time, not looking at a gaming forum!

 

Thanks for posting this. It's shocking how much of our data is leaked these days.

 

It's funny how I was just trying to update my stuff yet I cant remember my current password.

Shows how much I truly care. Time to fix it.

Edit: man that was the worst password ever

 

But Retro.....hey....

The boss makes a dollar and I make a dime, and that's why I DICKBUTT on the company time....

....c'mon man....

 

With the recent malicious attacks on my accounts, it is a good reminder for others to make sure their accounts are secure. Thanks admins for the help!

 

Forgot to say, Don't forget to remind users to download backup codes and keep them somewhere safe.. OFFLINE.

You can generate 10 random security codes which act as a second password. Don't leave these where others might find. Put them on a bit of paper or on something in a safe place.

If you lose them you could be locked out of your account also.

These codes can only be used once, You can however generate 10 new one's once used up.

 

I hope that this doesn't include users who are behind a transparent proxy server that is deployed by our ISPs. We don't have a choice (and neither do some of us know about it).
Personally, I know that I am behind one because of how I wasn't able to use a lot of filesharing websites (IP address in use, which isn't even mine) and a moderator was telling me that my traffic comes from the US (which is, really, really far from where I am).

 

Pretty sure it's limited to web proxy's/VPN's/Tor in the case of an ISP proxy checks can be made I guess.

 

Not sure if this would throw a red flag or not but I use a load balancing router and combine 2 ISP's. So one time I click a page and the next time I click one I could have a completely different IP.

 

We would check data first, and I'm talking about specifically suspect proxies where a number of users have logged in and they're all over the place. And you always show up as in Asia.

All in the same state and similar IPs. If you were in California at one time and suddenly in New York half an hour later, then in Florida an hour later, that would be suspect.

 

Thanks for the heads up! Just enabled two-step verification and changed my password as a precaution. Hopefully those affected can get control of their accounts again.

 

Using different passwords might be a pain, but it will save your ass in the end.

 

Time to start coming up with new passwords. Thanks for the heads up and tips to keep us safe @retro

 

I'm on it, thanks for the reminder.

 

In Bangkok I'm behind a similar transparent proxy enforced by the ISP as sp193 mentioned, we are 2.3 million users sharing about four different IP addresses when accessing the web. Sure, it can be avoided by using other proxies or the TOR network (which dynamically changes IP address and country frequently BTW, depending on the exit node).

If a site admin wants to know the current TOR exit nodes so they can be whitelisted from permanent ban, it's here:

https://check.torproject.org/exit-addresses

I think we should promote the use of TOR since the ISP's are behaving so bad in general regarding censorship enforced by government, and for privacy reasons.

 

thanks i already found a copromised email

 

Thanks for the reminder, password changed

I wish there was a function in Chrome where it could automaticly change all the stored passwords, like automaticly log into each site that has been saved, change the password, update the password. Then you could just do that once a month and would never be hacked unless ofc google or your pc gets compromised xD

 

@retro Is this post implying there was a breach of this site?

 

All my passwords are small and easy to remember. I better make a harder one for my ebay and paypal account.. I lost one on betaarchive so i just made a new account... I do not trust using my pc to buy stuff online, it keeps loading japanese sites. I had 2 pc inffected (killed) from going on the internet. Watch out what you download is all i can say.

 

As mentioned before, I highly recommend against logging into the site using TOR. There's no reason for you to hide your true IP from us - only ASSEMbler and I can see it, anyway.

As said above, if you're behind an ISP proxy, it's not an issue. It's where you dart all over the World and log in with the same IP as 10 other users. That becomes suspect. This would include the use of TOR.

It's implying users need to make better passwords and not reuse them