Jump to content
James

GE Tracker Security Disclosure Q&A

Recommended Posts

Please post all questions related to the GE Tracker security disclosure below.

We're happy to answer everyones questions, no matter how big or small.

Share this post


Link to post
Share on other sites

Hi arnator,

It is to give you all enough time to update your account security not only on GE Tracker, but all websites and services you are a member of.

  • reaction_title_1 1

Share this post


Link to post
Share on other sites

I appreciate the frankness and openness of the message you sent out, and you did an excellent job of explaining what exactly happened. What information was made available was stated, and it seems you've responded appropriately. Top notch job overall. I've already enabled 2fa, as well as changed my email passwords.

Edited by therminsales
  • reaction_title_1 4

Share this post


Link to post
Share on other sites

I appreciate to detailed email, it's a shitty situation but you guys seem to handle it well. 

  • reaction_title_1 1

Share this post


Link to post
Share on other sites

Hey, the email doesn't really explain to what level ge tracker was breached. Do you believe that ge tracker account credentials were compromised and if so, what type of password storage does ge tracker use? Also, will you folks be rotating everyone's credentials?

Share this post


Link to post
Share on other sites
28 minutes ago, jmoore said:

Hey, the email doesn't really explain to what level ge tracker was breached. Do you believe that ge tracker account credentials were compromised and if so, what type of password storage does ge tracker use? Also, will you folks be rotating everyone's credentials?

@jmoore

The email does go into depth about what was affected in the breach but I can summarize:

- If you logged in, or registered, between the 25th and 29th of May there is a chance that your login credentials were intercepted.
- There is a small chance that your GE-Tracker profile was scanned. In this case your account email was harvested.
- There was no leak of the user database at any point, and the attacker was booted from the system by clearing all sessions and locking the compromised accounts.

The password in the database are encrypted with industry-standard encryption and salted. I can't speak for a site-wide password rotation as that would be James.

Let me know if I can answer any more questions for you. If you'd like to get technical, DMing me on Discord would be best.

(I deleted my previous response of this to make sure you were tagged)

  • reaction_title_1 3

Share this post


Link to post
Share on other sites

Thank you for all being so open about this. Any chance that OSBuddy credentials would have been swiped too if you use the import feature for profit tracking?

Share this post


Link to post
Share on other sites
On 2017-6-8 at 0:39 AM, doggie said:

Thank you for all being so open about this. Any chance that OSBuddy credentials would have been swiped too if you use the import feature for profit tracking?

They are encrypted in the database and the hacker didn't specifically target them so they are safe :)

  • reaction_title_1 1

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Information

© GE Tracker 2016-2017. RuneScape is a registered trademark of Jagex Ltd. This website is in no way affiliated with, authorized, maintained, sponsored or endorsed by Jagex Ltd or any of its affiliates or subsidiaries.

Terms & Conditions | Privacy Policy

GE Tracker Social Media

GE Tracker YouTube Partners

Powered By

Our prices and information are pulled from OSBuddy Exchange (Get PRO).
×