The game experienced a brief connectivity issue this morning. The team promptly fixed the issue and things are back to normal, thank you to everyone who passed along reports!
So, quick PSA: data breaches happen on a systemic level more frequently than the click-a-link-and-allow-hacker-to-pilot-your-desktop level. If you're using your primary gmail account to, say, access this forum/game and your password is the same everywhere, let's just say you should rethink that immediately.
Systemic data breaches that yield treasure troves of login/password/address/etc. typically aren't discovered until months/years later, and it takes a while for someone going through this pile to identify what's potentially useful or naw. When they do, though, it's not fun for the victim.
In short, decentralize online accounts as much as possible, never reuse passwords, change them frequently or use an autogenerator.
As for Lagacy, losing a channel to hacking/DMCA/etc. is a cost of doing business. Just remember the content is what makes the channel, not the domain, so it's a pain but it happens, and you rebuild and move on if need be. The painful part will be wrangling monetization going forward, but let's hope for the best.
The video the hackers are pushing on Lags account are all from an account called "MicroStrategy".
Clicking on one of the promoted videos and reading the comments and from what I've seen it shows MicroStrategy is not the original name of the account and it was first a geometry dash channel called Nexus before Nexus got hacked.
Who hacked the original Nexus account and turned it into a bitcoin account? Not sure but a comment said it was orchestrated by the king of Yemen, again don't know if that's true so take that with a grain of salt.
Those comments are about 8months old so if they're the same hackers it's very possible Lags won't be able to recover his account given how Nexus got overrun and hasn't been able to recover theirs (although idk if they tried as hard as Lags is)
Very unfortunate situation and I'm sadly not surprised it's crypto people doing it, they're some of the jammiest people on the internet
So how he got hacked? Clicked on some links? Or he just went to sleep and woke up to this?
probably clicked on some link.
who knows maybe he was down bad ( jokes )
but fr, I think he’s active on discord. I once got hacked on discord very easily. I was not happy.
How it's even possible that a single touch turns into this big disaster. A click shouldn't give away whole password and gmail accounts, Google need to encrypt more.
You would think two factor authentication would be the safety mechanism to stop such things… (assuming it was in use). If one click is bypassing that, that’s certainly troubling
Two factor authentication does not completely insulate someone from this sort of hack. It is essential in this day and age to prevent a wide range of attacks, however, the problem is 2FA only prevents someone else from logging into your account. It doesn't prevent you from logging into your account and if you are logged into your account when an attack occurs, the attack doesn't need to log into your account: you've done it already.
Typically, the way these kinds of attacks work is by using the fact that you're logged in, and send some form of phishing or other attack designed to add an authentication option to your account while you are still logged into it. Or it will ask you to log in pretending to be a valid authentication request. Then the attacker can quickly use that alternate authentication option to lock you out, leaving only their options remaining.
Everyone should use 2FA, especially on things like their primary email account system (because it is a very juicy target) and any commerce or other logistically important systems (for example, systems you use to gain access to other systems). But never assume 2FA will protect you from everything. It will not protect you from yourself making a mistake. You still have to be very careful when you yourself do things, especially when prompted by any outside communication.
Also: never trust where anything comes from. All senders can be forged. Email, text message, everything can look like it is coming from a trusted source. Treat all sender information like it is the handwritten return address on an envelope send through the post office. Anyone can write anything there. If it is unsolicited, if you are not directly expecting it, if it is not authenticated in some way, don't do anything. Check via some completely out of band channel if the request was valid. Presume all unauthenticated communications might be dangerous.
Comments
Systemic data breaches that yield treasure troves of login/password/address/etc. typically aren't discovered until months/years later, and it takes a while for someone going through this pile to identify what's potentially useful or naw. When they do, though, it's not fun for the victim.
In short, decentralize online accounts as much as possible, never reuse passwords, change them frequently or use an autogenerator.
As for Lagacy, losing a channel to hacking/DMCA/etc. is a cost of doing business. Just remember the content is what makes the channel, not the domain, so it's a pain but it happens, and you rebuild and move on if need be. The painful part will be wrangling monetization going forward, but let's hope for the best.
Typically, the way these kinds of attacks work is by using the fact that you're logged in, and send some form of phishing or other attack designed to add an authentication option to your account while you are still logged into it. Or it will ask you to log in pretending to be a valid authentication request. Then the attacker can quickly use that alternate authentication option to lock you out, leaving only their options remaining.
Everyone should use 2FA, especially on things like their primary email account system (because it is a very juicy target) and any commerce or other logistically important systems (for example, systems you use to gain access to other systems). But never assume 2FA will protect you from everything. It will not protect you from yourself making a mistake. You still have to be very careful when you yourself do things, especially when prompted by any outside communication.
Also: never trust where anything comes from. All senders can be forged. Email, text message, everything can look like it is coming from a trusted source. Treat all sender information like it is the handwritten return address on an envelope send through the post office. Anyone can write anything there. If it is unsolicited, if you are not directly expecting it, if it is not authenticated in some way, don't do anything. Check via some completely out of band channel if the request was valid. Presume all unauthenticated communications might be dangerous.
I'm one of the guys not on Twitter so I had no idea what was going on. Haha