Welcome, Guest
Username: Password: Remember me
"City Car Driving" general discussion forum for English users
  • Page:
  • 1
  • 2

TOPIC: City Car Driving 2.0 ??

City Car Driving 2.0 ?? 21 Oct 2018 06:35 #110680

  • quax
  • quax's Avatar
  • OFFLINE
  • Novice
  • Posts: 2
  • Thank you received: 1
Kivlov wrote:
The database with clients is absolutely safe in secured PayPro and Steam databases. The only way it could happen - forum users database. A couple of months ago our website was hacked. The consequences were fixed promptly. However, it seems intruders had time to get emails of our forum users.

Sorry, but I don't think it's the forum users database, because I didn't have a forum account here until I made one last week to report this issue.

The email address I received the fishing mail on had only ever been used to purchase CCD in 2011.
The administrator has disabled public write access.
The following user(s) said Thank You: NewSimulatorPlayer

City Car Driving 2.0 ?? 21 Oct 2018 22:06 #110688

  • NewSimulatorPlayer
  • NewSimulatorPlayer's Avatar
  • OFFLINE
  • Guru
  • *Leaving the forum for a while. Getting annoyed with everyone here. This place is toxic*
  • Posts: 1283
  • Thank you received: 146
Kivlov wrote:
johey wrote:
If you still believe your database has not been compromised, please share your thoughts on how the attackers can possibly target your users with such precision.
The database with clients is absolutely safe in secured PayPro and Steam databases. The only way it could happen - forum users database. A couple of months ago our website was hacked. The consequences were fixed promptly. However, it seems intruders had time to get emails of our forum users.


The website was hacked a few months ago and this is only coming out now? Very unprofessional. Users need to be notified of these sort of things asap, not months later. Wth

Do you know if they just got emails? Or did they also get passwords? Because if you used on a different site as Johey stated, they could be bad.
www.youtube.com/channel/UCAUVBU1Yg7CCb5nUXBLnXZw
How to convert PKG mods to RAR Video on my Youtube Channel!


My Specs:
Processor:Intel Core i5
Ram: 16GB Ram
GPU: EVGA Nvidia GTX 1060 6GB
Display: 3 1920x1080 Monitors

Favorite Mods:
1. 2015 Chevrolet Tahoe by TJmods
2. 2019 Mercedes G500 by TJmods
3. 2018 Honda Odyssey by GSHAPIROY
4. 2016 Nissan Qashqai by TJmods
Last Edit: 21 Oct 2018 22:09 by NewSimulatorPlayer.
The administrator has disabled public write access.
The following user(s) said Thank You: GSHAPIROY

City Car Driving 2.0 ?? 22 Oct 2018 08:29 #110691

  • Kivlov
  • Kivlov's Avatar
  • OFFLINE
  • Developer
  • Posts: 140
  • Thank you received: 15
quax wrote:
Sorry, but I don't think it's the forum users database, because I didn't have a forum account here until I made one last week to report this issue.

The email address I received the fishing mail on had only ever been used to purchase CCD in 2011.
This is quite strange, as this information is not stored on our website. All purchases are made through PayPro servers.
The administrator has disabled public write access.

City Car Driving 2.0 ?? 22 Oct 2018 08:39 #110692

  • Kivlov
  • Kivlov's Avatar
  • OFFLINE
  • Developer
  • Posts: 140
  • Thank you received: 15
NewSimulatorPlayer wrote:
The website was hacked a few months ago and this is only coming out now? Very unprofessional. Users need to be notified of these sort of things asap, not months later. Wth
As I already said the issue was resolved promtly. And we didn't know that any data could be hijacked. Even now we still have some doubts that this website attack was the source, where the intruders got the emails, as this doesn't look like a mass effect - we got only 2 complaints about that on email, plus some here.

NewSimulatorPlayer wrote:
Do you know if they just got emails? Or did they also get passwords? Because if you used on a different site as Johey stated, they could be bad.
The passwords are never stored in "open" form. All they could get - password hashes, but they're completely useless, as hash cannot be decrypted.
Last Edit: 22 Oct 2018 08:42 by Kivlov.
The administrator has disabled public write access.
The following user(s) said Thank You: ChrisTheIncredibleHD, kas1.4truckdriver, NewSimulatorPlayer

City Car Driving 2.0 ?? 29 Oct 2018 04:40 #110753

  • grosbedo
  • grosbedo's Avatar
  • OFFLINE
  • Novice
  • Posts: 21
  • Thank you received: 6
Kivlov wrote:
NewSimulatorPlayer wrote:
The website was hacked a few months ago and this is only coming out now? Very unprofessional. Users need to be notified of these sort of things asap, not months later. Wth
As I already said the issue was resolved promtly. And we didn't know that any data could be hijacked. Even now we still have some doubts that this website attack was the source, where the intruders got the emails, as this doesn't look like a mass effect - we got only 2 complaints about that on email, plus some here.

NewSimulatorPlayer wrote:
Do you know if they just got emails? Or did they also get passwords? Because if you used on a different site as Johey stated, they could be bad.
The passwords are never stored in "open" form. All they could get - password hashes, but they're completely useless, as hash cannot be decrypted.

Even if it was resolved quickly, you should notify your users/clients about the potential breach. Doing this harms the trust, that's true, but not doing it harms even more the trust as the data is always likely to come out someday,and in addition this put the users at risk as they can't take the adequate measures to protect their other accounts on other platforms using the same password.

About password hash, that's not enough, rainbow table cracking can Crack most in a few seconds. I hope you used a salt that is not stored anywhere in the db to make cracking a bit more difficult, but I guess that's not the case as designing a good salt system is famously difficult.

Everybody gets hacked nowadays, just do like all the other businesses : notify your users.
The administrator has disabled public write access.
The following user(s) said Thank You: NewSimulatorPlayer, zachmassy
  • Page:
  • 1
  • 2
Time to create page: 0.135 seconds