10 replies to this topic

[Robware]

This isn't an accusation, just a query. I hope this query finds itself in the correct location.

 

For some context: every service I sign up to gets a unique email address, helping me to keep tabs on how my data moves around.

I got an email today, for an OpenAI account verification, on the email address that I used for cnc-online.net. This suggests to me that my data has made its way outside the confines of the Revora ecosystem. Obviously, if this is the case, this has some significant ramifications under GDPR.

 

I understand this is a pretty sombre first post, but I wanted to see if anyone was aware that the data for this platform has spread elsewhere.

[Kroezensjtern]

Hello.

I use the same system. Cheers!

While i never used Revora, i came here now for the exact same reason and with the same assumption.

Everyone should at least change their password now and admin must find the source of the breach.

[nghinhut]

Hi guys,
I got an email just now for OpenAI account verification.

My dark web monitoring tool also reports my password is leaked.
The admin should reset all user passwords to mitigate this.

[narrow_consist_drowse]

Same here; I got an OpenAI signup email. I posted in another thread first: https://forums.revor...online-address/

[golfcaddy]

Same here.  Different emails for everything... OpenAI verification on this email address.

[greatguygary]

+1
I have an email address specifically for this service and received an OpenAI email verification ~6 hours ago.

[5andshark]

+1

 

There clearly was a leak of user email addresses.

Yet I cannot find any official statements nor am I able to get in contact trough email.

 

I already deactivated my email that was leaked, if there is no followup on this, I feel that there is no other option left other then to go trough the data protection agency.

[Banshee]

I do not respond in the name of C&C: Online, since I am officially no part of it. But as far as we have investigated this matter here in Revora, some people did get this email, and other users of C&C: Online didn't. I did not receive such an email, neither did ToxicShock. And, regarding some of the people who received, they had their email accounts leaked by other websites, according to "have I been pwned" services. If you have a real proof that the culprit is really C&C: Online, then you should show their staff (not me) so they can try to figure it out. So far, nobody has found any problems. If they become aware of it, it is in their best interest to find out and solve the problem. C&C: Online does not sell your private data to any third party.

 

Also, I have seen email accounts/forwarders being found out by spammers regardless of the website that you use these accounts. Sometimes, your own email service may sell that information or leak them. It is also possible that it can be leaked if any of your machines get pwned.

[PurpleGaga27]

I noticed the recent thread ads coming into this forum recently. As for me, I have to change my password anyway here as well.

[5andshark]

I do not respond in the name of C&C: Online, since I am officially no part of it. But as far as we have investigated this matter here in Revora, some people did get this email, and other users of C&C: Online didn't. I did not receive such an email, neither did ToxicShock. And, regarding some of the people who received, they had their email accounts leaked by other websites, according to "have I been pwned" services. If you have a real proof that the culprit is really C&C: Online, then you should show their staff (not me) so they can try to figure it out.

 

So far, nobody has found any problems. If they become aware of it, it is in their best interest to find out and solve the problem. C&C: Online does not sell your private data to any third party.

 

Also, I have seen email accounts/forwarders being found out by spammers regardless of the website that you use these accounts. Sometimes, your own email service may sell that information or leak them. It is also possible that it can be leaked if any of your machines get pwned.

>  If you have a real proof that the culprit is really C&C: Online, 

I use a specific email (and ofcourse password) for each service, that I never user for any other service (this is quite the hassle signing up for services, but it allows me to pin-point any leaks immidiately).

> then you should show their staff (not me) so they can try to figure it out.
I am unable to get in contact with them trough email (abuse@, info@), Can you tell me how to contact them perhaps?

 

> Also, I have seen email accounts/forwarders being found out by spammers regardless of the website that you use these accounts. Sometimes, your own email service may sell that information or leak them. It is also possible that it can be leaked if any of your machines get pwned.

I have my own hosting / domain / email service. other addresses have not leaked. Would also be too coincidental that several friends i played CNC with got the same email on the same day, while they all use different email services.

 

[Banshee]

There are two ways to contact them. One is using the C&C Support forums, which narrow_consist_drowse did (as you can see in some posts above). The other is the Discord server ( https://discord.gg/7Yp3HXg ). In Discord, Cervantes has responded in gen_chat, although his response does not clarify the situation at all:

 

P0WeRZz
—
23/10/2023 14:55
Shouln't the news of multiple people using an email that isolated to just cnconline/revora be an indicator of something wrong? I didn't receive the signup on any of my other emails. It's exactly why I create a seperate email for every single website I sign up for. To make sure if I receive crap I'm not expecting on that one, assume all data with respective party is breached.
Cerv | SoftRam CEO
—
23/10/2023 15:56
this is correct if this would be indeed be isolated while adresses specifically made for our service have been affected the same thing has been reported from our services that adresses specifially for that thing have been affected as well
thats why the main concern atm is potentially a shared 3rd party program being breached but that is not the case as i can tell at this moment