BleepingComputer reports that multiplayer browser-based government simulation game NationStates took down its website following a security incident that infiltrated its servers and compromised player data late last month.NationStates had its old MD5 password hashes, email addresses, login IPs, browser details, and possibly some private Telegram messages, but not real names or payment data, exposed after a player known to be a regular vulnerability reporter obtained remote code execution while testing a new critical flaw he discovered in the new "Dispatch Search" feature, according to NationStates author Max Barry."Unfortunately, the reporter didn't merely confirm the bug's existence, but also then went ahead and breached the server. Because there was unauthorized entry to the server, the only way to be sure it's secure is to completely hose it and rebuild. We also need to determine what material was accessed or copied off the server. This will likely take at least a few days," Barry said.Authorities were already notified, noted NationStates, which also announced that password upgrades are planned, and it will use new hardware for the rebuilt production server and conduct security improvements and audits.
Vulnerability Management, Breach, Incident Response
NationStates breach prompts site shutdown

Adobe Stock
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



