🔐 Account Security Update


All accounts on the site have been logged out, and will require logging back in.

We've seen a number of very old (5+ years not logged in) accounts get broken into over the last few weeks and, out of extreme caution, I'm rotating our "primary key" which is used to authenticate accounts on all of our sites.

As always, we recommend keeping your password updated yearly and using a password manager (your OS probably comes with one now!) to generate strong passwords, and do not reuse passwords. In most cases, these situations happen because another site is hacked, their database is leaked to the "dark web" and folks use the same email/username/passwords in multiple locations. If you feel like someone might have access to your Subeta (or any!) account, change your password right away.

We're always watching out (👁️) and have invested time recently in tools that can "unwind" an account getting hacked and drained. Please make a ticket if you find that you are missing items, or think that your account has been targeted.

You can also check on https://haveibeenpwned.com/, a website to search for your email in large scale hacks on the internet.

Posted by Keith

Keith STAFF
@StarShadow It should tell you what other information was exposed in those breaches. If it was a password, you should make sure to change that password and anywhere else you used the same password.
StarShadow
So what can we do if our email shows up in this site?
Keith STAFF
@brokensafety Less than 0.5% of users ever set a pin, and it's just really hard to maintain code paths on every single major part of the site that takes into account that small fraction of the site. If it comes back, it would only be on login as a secondary protection, and not on every page on the site where items can be taken, it just isn't scalable or possible on Subeta.

If it's something you'd like to see come back, I highly recommend making a suggestions thread so that it can be tracked!
brokensafety
In July of 2022, nearly four years ago, PIN protection was removed. I was very concerned when this change was announced, as a PIN protected nearly my entire account on a different pet site after my account was compromised. The only items taken were items not protected by PIN at that time (petpet.) I would feel MUCH more comfortable if the PIN protection feature was added back now that the site has been re-coded in a way that hopefully allows the re-introduction of PINs. In July of 2022 when this change was mentioned, we were also told that 2FA would be offered as soon as possible. It's been four years, and I don't believe that's been added either. If 2FA is going to be offered, I would still like to have a PIN as well to alleviate my own concerns. Thanks for looking out for account security and letting us know about these security concerns.
Keith STAFF
@Thespian Great tip, let me add that to the post!
Keith STAFF
@Fyreheart Yup - these keys were rotated last night!
Thespian
it's also worth checking your email(s) on haveibeenpwned to see if any ended up in data breaches! :>
Fyreheart
Is this why I kept getting logged out last night?
antheraea
Nice front page btw, this is the first I've seen it.
gemajgall
thank you for protecting us.
Laurey
@Ambition
You should be able to see your email on this page - https://subeta.net/preferences.php?act=profile
Ambition
How can I find out what email I used?
Angelica
Skolletta
:o Scary! Thank you for working to keep our precious accounts safe. :)
Laurey
Thanks for the update, Keith.

And yeah, I know Neopets in particular has had like 10 million security breaches over the years, so anyone from here who also plays there, you REALLY should not use the same passwords (and maybe even usernames too).
hannahharmin
Has Kumos been taken down now? I would guess that we need to log back into that site also.
hannahharmin
Thank you for telling us this.
Keith STAFF
@Life Happened last night, just making the news post now 🫠
Keith STAFF
I just want to reiterate that I have zero reason to suspect that Subeta accounts or passwords are anywhere! I spend an unfortunate amount of time on the dark web, mostly just making sure that our database doesn't end up there and have alerts and things like that set up to flag.

What I suspect the situation here is is that a person got access to a spreadsheet with a bunch of usernames and passwords on it from other similar sites and has just been trying all of them.
Life
Was that when it happened last night? Or should I be expecting it to happen again?
Thank you so much, Keith!! ♥
StarShadow
Guess this is why I had to re-log in 3 times last night, but everything has been working fine since then. Thanks.
Keith STAFF
I WOULD REALLY RATHER BE WORKING ON MASQUERADE THAN THIS FYI
