Hi, I'm a manager of the Chair of Republic studio and recently a message was posted by a user named (removed by moderator - please don't name names) saying 'Curator (removed) is hacked.' This is of no importance in itself, but it was accompanied by a log in the Activity section saying ‘ocean_lord made edits to the title, thumbnail, or description. I looked, and as far as I can tell, no changes have been made to title, thumbnail, or description. Is this a known bug?

Looking into this further, the user’s About Me states 'Account hacked by (removed) hackergroup! Password was changed.' along with ways to recover the original account. No user by this name exists. Looking the message up reveals another user, (removed) with the same message. This user was apparently a Japanese speaker and has messages up until 9 days ago.

Does ST or anyone else know anything about this?
Thank you, and scratch on!

Those users probably had weak passwords. That's all

dhuls wrote:

Those users probably had weak passwords. That's all

what about the title and description? please read op

You should report the profile so the scratch team can investigate.

colinmacc wrote:

You should report the profile so the scratch team can investigate.

There is no evidence of an actual hack.

saverofthewo wrote:

dhuls wrote:

Those users probably had weak passwords. That's all

what about the title and description? please read op

They probably toggled the “allow everyone to add projects” switch

dhuls wrote:

saverofthewo wrote:

dhuls wrote:

Those users probably had weak passwords. That's all

what about the title and description? please read op

They probably toggled the “allow everyone to add projects” switch

I checked, and they did not have manager access. “allow everyone to add projects” is also turned off.

SixBitStudios wrote:

dhuls wrote:

saverofthewo wrote:

dhuls wrote:

Those users probably had weak passwords. That's all

what about the title and description? please read op

They probably toggled the “allow everyone to add projects” switch

I checked, and they did not have manager access. “allow everyone to add projects” is also turned off.

The curators has the option to allow everyone to add projects too, it could be he's just turning the button on and off

dhuls wrote:

saverofthewo wrote:

dhuls wrote:

Those users probably had weak passwords. That's all

what about the title and description? please read op

They probably toggled the “allow everyone to add projects” switch

only managers can change title and description, please read OP

TylerMorgan123 wrote:

The curators has the option to allow everyone to add projects too, it could be he's just turning the button on and off

Interesting, I didn't know that about studios. Thank you.

saverofthewo wrote:

only managers can change title and description, please read OP

Only the studio creator can, not the managers, they only have the ability to remove/add curators and promote if they like

SixBitStudios wrote:

colinmacc wrote:

You should report the profile so the scratch team can investigate.

There is no evidence of an actual hack.

If nothing else the WIWO contains contact information for someone outside of Scratch which is against the rules

TylerMorgan123 wrote:

saverofthewo wrote:

only managers can change title and description, please read OP

Only the studio creator can, not the managers, they only have the ability to remove/add curators and promote if they like

oh right, i forgot, but that makes it weirder

colinmacc wrote:

SixBitStudios wrote:

colinmacc wrote:

You should report the profile so the scratch team can investigate.

There is no evidence of an actual hack.

If nothing else the WIWO contains contact information for someone outside of Scratch which is against the rules

True, Will report.

I’ve already done it. Also another one I saw earlier today.

Edit: (removed)

SixBitStudios wrote:

colinmacc wrote:

You should report the profile so the scratch team can investigate.

There is no evidence of an actual hack.

Scratch team can tell if users were hacked, so you should report.

i also reported it, it might just be a troll

Not sure what's going on with the studio. But we have seen a number of accounts recently that look like the one you describe with the message and all. We suspect that the accounts had weak passwords and were guessed by somebody. Please do report the accounts so we can lock them down until they can be returned to their rightful owners.

Paddle2See wrote:

Not sure what's going on with the studio. But we have seen a number of accounts recently that look like the one you describe with the message and all. We suspect that the accounts had weak passwords and were guessed by somebody. Please do report the accounts so we can lock them down until they can be returned to their rightful owners.

paddler, I think some of these people are just trolling around by just changing their about me without actually getting hacked.

PoIygon wrote:

I think some of these people are just trolling around by just changing their about me without actually getting hacked.

In that case, it's still a good idea to report those accounts. The Community Guidelines state to “Be honest.” It's not okay to deceive the community by claiming that your account was hacked — it just tends to spread fear in the community. If someone claims to be hacked but they were not actually hacked, then perhaps getting blocked would give the bad apple second thoughts about pulling a similar trick in the future.