Hello,
Urgent news: apparently there has been a password leak at xCPPS. We found a link on xCPPS’s website to a text file containing hundreds of passwords of accounts registered at xCPPS. Some of these passwords were encrypted; however, some were not.
This was an open link on their website; anybody could have visited the page and copied everything. We have no idea who could have downloaded it. (The link has now been removed; however, it was up for several days.) These accounts are from before xCPPS’s extended downtime (before all of the accounts were deleted). The file includes the account name, the account’s password, the penguin’s color, the email address it was registered with, and the user’s IP address.
What concerns us is that some of the passwords in the file are not encrypted at all. Could this have happened because some “slipped” through the encryption process, or did they purposely turn off the encryption? The majority of the accounts on the list are, however, encrypted.
Here’s an image of what just part of the text file looks like: (I blurred out the personal information)
Don’t assume that your account is safe just because its password is encrypted. xCPPS uses MD5 encryption, which is a very common encryption method, and I found that if I ran the passwords through an MD5 decrypter, around 2/3 of the time it would successfully decrypt a password. So even if your account is encrypted with MD5, your password isn’t always safe. What we need to do to ensure that account passwords cannot be retrieved is to enforce a harder encryption method, such as SHA1, which is harder to decrypt.
What I am also wondering
Should I be worried? If you registered at xCPPS before the accounts were all deleted (or before the long downtime), and you used a password that you also use for other things, then I would definitely change your passwords. If you used a password which you do not use for anything else, then you are safe.
This is another reminder to always use a password that you have not used before when registering for private servers!
-Roman
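An added example (not from the original post or from xCPPS) of why the MD5 lookups described above succeed so often: an unsalted, single-pass hash gives every user of a common password the same stored value, so a precomputed table reverses it, and the same holds for unsalted SHA-1. The account names, passwords and guess list are constructed, and the salted PBKDF2 scheme is shown as one standard alternative, not as anything xCPPS uses.

```python
import hashlib
import hmac
import os

# Constructed sample data: a tiny guess list and three made-up accounts.
COMMON = ["123456", "password", "penguin1", "qwerty", "letmein"]
ACCOUNTS = {"alice": "penguin1", "bob": "letmein", "carol": "T7#vq-Lm2!xR"}


def fast_hash(password, algo):
    """Unsalted single-pass hash, as in the leaked file's MD5 column."""
    return hashlib.new(algo, password.encode()).hexdigest()


def recovered(algo):
    """Passwords a precomputed hash -> password table gives back."""
    table = {fast_hash(p, algo): p for p in COMMON}
    hits = {}
    for user, pw in ACCOUNTS.items():
        guess = table.get(fast_hash(pw, algo))
        if guess is not None:
            hits[user] = guess
    return hits


def store(password, iterations=600_000):
    """Salted, deliberately slow storage: (salt, iterations, derived key)."""
    salt = os.urandom(16)  # unique per account, so tables cannot be shared
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, key


def verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, key = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, key)


if __name__ == "__main__":
    for algo in ("md5", "sha1"):
        print(algo, "table recovers:", recovered(algo))
    a, b = store("penguin1"), store("penguin1")
    print("same password, same stored value?", a[2] == b[2])
    print("login still works:", verify("penguin1", a))
```

Only the long random password survives the table under either fast hash; with a per-account salt and a high iteration count, identical passwords no longer share a stored value and each guess must be recomputed per account.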



“Dude, it is true, I don’t want to be harsh, but to be honest this website is killing CPPSes!
Now, I am not forcing you to but.. If like myself you want more CPPSes I suggest you either: Relocate this website to a new domain or shut it down.
Disney do follow this blog thus they get all the info on CPPSes they need!
Oh, and yes, that was an impersonation; someone posted that then posted “Wow Impersonation”, not me!”
-Patrick
Yeah, Disney’s probably following this website; CPPSes are getting shut down suddenly. I reckon you should move domain.
Disney isn’t dumb. If I moved the domain, and they actually are following this blog, then they’d catch on within a few weeks. Buying a $15 domain every month can get to be an expensive plan for something which we won’t even know if it’s working or not.
I agree. And Patrick, I’m pretty sure that the “Disney is following this blog” statement is probably just a joke of some sort, not a fact.
OK, seriously, I can’t put .com yet because I need to set up some ads (for money); also, this is just for updates and stuff like that. Once we’re finished we will have our final website.
I might have a clue as to who did this.
I love how my comment wasn’t approved >.>
@Fangs, as do I. It’s pretty damn obvious, and the attempt wasn’t “warning the population”, more like something more sinister. (If you knew what I know, it would make more sense. D:)
Stanely, do you think it was the Walruses plotting revenge for what happened with iCPv3? You have to admit they’re talented and selfish. I’m pretty sure they’d love to mess xCPPS up…
You’re right, Car, they could be behind this, but I’m sure they’re long gone by now. But they are selfish and they took iCP from Water, Op, iCrack, and myself, but I’m not letting them get xCPPS!!
Wow! Monchocho is there!
Anyway, I’m lucky, because I only use that password for iCPPS, which is, well, gone.
So were we all deleted?? Did GreenPeg12 get deleted on the leak???
I didn’t even know that “Xcpps”
I am currently on xCPPS and it has been hacked recently. But I myself know that it was not because of the password leak (if there really was one); it was because someone guessed Pachocha’s password (Pachocha is a mod on it). I heard someone say his password. It was pachoca1. When I typed it in to see whether it was real, it was, but he was banned forever. So when you sign up for a CPPS, be careful not to make your pass simple like Pachocha’s.
-James