Paddle2See wrote:

Not sure what's going on with the studio. But we have seen a number of accounts recently that look like the one you describe with the message and all. We suspect that the accounts had weak passwords and were guessed by somebody. Please do report the accounts so we can lock them down until they can be returned to their rightful owners.

even if it is a weak password problem isn't this like the first (atleast big) hacking incedint?

TylerMorgan123 wrote:

saverofthewo wrote:

snip

Only the studio creator can, not the managers, they only have the ability to remove/add curators and promote if they like

Managers can change the thumbnail, and description. Idk the thumbnail

Yin-_-Yang wrote:

TylerMorgan123 wrote:

saverofthewo wrote:

snip

Only the studio creator can, not the managers, they only have the ability to remove/add curators and promote if they like

Managers can change the thumbnail, and description. Idk the thumbnail

no they updated it

Thank you ST for clearing their WIWO!

this is a widespread issue, st needs to do something about it because there is no way ALL these users had weak passwords. was it SQL injection?

PoIygon wrote:

Paddle2See wrote:

Not sure what's going on with the studio. But we have seen a number of accounts recently that look like the one you describe with the message and all. We suspect that the accounts had weak passwords and were guessed by somebody. Please do report the accounts so we can lock them down until they can be returned to their rightful owners.

paddler, I think some of these people are just trolling around by just changing their about me without actually getting hacked.

In some cases that is probably true, however there have been a eight year old inactive accounts that have suddenly become active and claim to be a hacker. I have also know someone to have been hacked. Or at least they decided to never use an account again, close comments, change their pfp, post links to a certain scratcher, and claim to have been hacked.

saverofthewo wrote:

Paddle2See wrote:

Not sure what's going on with the studio. But we have seen a number of accounts recently that look like the one you describe with the message and all. We suspect that the accounts had weak passwords and were guessed by somebody. Please do report the accounts so we can lock them down until they can be returned to their rightful owners.

even if it is a weak password problem isn't this like the first (atleast big) hacking incedint?

There have been a few so called “hackers” in the last months. I believe some are probably hacking while others are just taking for attention.

saverofthewo wrote:

(#25)
this is a widespread issue, st needs to do something about it because there is no way ALL these users had weak passwords. was it SQL injection?

I highly doubt it was SQL injection

It was almost certainly weak passwords, or people getting phished

dhuls wrote:

saverofthewo wrote:

(#25)
this is a widespread issue, st needs to do something about it because there is no way ALL these users had weak passwords. was it SQL injection?

I highly doubt it was SQL injection

It was almost certainly weak passwords, or people getting phished

sql injection is the only possible answer with the severity of this problem, because if one person finds out and tells their friends it can cause a chain reaction and now everyone can hack anyone

saverofthewo wrote:

(#29)

dhuls wrote:

saverofthewo wrote:

(#25)
this is a widespread issue, st needs to do something about it because there is no way ALL these users had weak passwords. was it SQL injection?

I highly doubt it was SQL injection

It was almost certainly weak passwords, or people getting phished

sql injection is the only possible answer with the severity of this problem, because if one person finds out and tells their friends it can cause a chain reaction and now everyone can hack anyone

This is a website used primarily by kids, do you really think they all had super strong passwords that only got breached because of some super sophisticated attack, or the kids just had weak passwords, or just gave them away on some random website

Also, because passwords should always be stored in a hashed in some form, so nobody can easily use them even if they breached the database
And if they somehow aren't hashed, then the ST failed Web Security

I don't know what you're talking about.

The same thing happened with two curators in the Pen Art Palace Studio.

SixBitStudios wrote:

Hi, I'm a manager of the Chair of Republic studio and recently a message was posted by a user named (removed by moderator - please don't name names) saying 'Curator (removed) is hacked.' This is of no importance in itself, but it was accompanied by a log in the Activity section saying ‘ocean_lord made edits to the title, thumbnail, or description. I looked, and as far as I can tell, no changes have been made to title, thumbnail, or description. Is this a known bug?

Looking into this further, the user’s About Me states 'Account hacked by (removed) hackergroup! Password was changed.' along with ways to recover the original account. No user by this name exists. Looking the message up reveals another user, (removed) with the same message. This user was apparently a Japanese speaker and has messages up until 9 days ago.

Does ST or anyone else know anything about this?
Thank you, and scratch on!

cant you even mention such names