Forums → Support Forum → Data breach

2	4707

offline

lnr1

1 posts

Nomad

Posted July 24, '19 9:06pm UTC

When was Armor Games going to notify me of the data breach in January of this year? Seems like a pretty easy court case here if you knew and haven't notified me or any other users

2 Replies

offline

Ferret

9,323 posts

Bard

Posted July 24, '19 9:14pm UTC

@lnr1 We've e-mailed all people involved in the breach much earlier this year. You can find more information on this here...

https://armorgames.com/page/data-breach-2019

offline

darthsneaker

1 posts

Nomad

Posted July 28, '19 11:14am UTC

Hi armorgames security team (if there is any):
My email address was used by spammers at 07/10/2019 12:59 PM. Since then i got several more spam mails.
I created this email address specifically for armorgames and never gave it to someone else.
So i can highly assume you either have another data breach now, or - since i was not contacted yet - you did not contact me for the data breach in january i just now learned of.
I've changed my email address now to a new one, again containing a random number in the local part to make dictionary guessing of that address very unlikely, but i would highly recommend to provide at least some way of directly contacting you about abuse over regular ways like a whois abuse email (which is not available since your cloudflare &quotrotection" prevents this), an email address or at least a visible contact form on your page or anything like that. But you seem to make it hard to contact you for such cases, maybe you've already missed hints of problems with your page just because you make it too hard to contact you. Also in case of "reporting a bad ad" (which i got via email to an address i only gave you, so i assume it actually came from you) you state that "you can report this to us via the Support Forums or the Other section of our Contact Us page" where the "Contact Us page" is completely invisible to me no matter if i am logged in or not. I was not able find it even though i searched throughout all common and uncommon places for such a contact page. It seems to me that any hint in cases of abuse or data leak have to go through the forums preceeding a longer search of how to contact you and needing an account to be able to post to that forum. I suggest you should be more open for people who want to contact you for security related stuff (and actually partly do YOUR work for free by doing so), maybe that easy reachable way of contacting you alone could increase your overall security and prevent further data breaches please don't be THAT stupid to prevent people from telling you about your security problems ...
anyway either fix your processes (not contacting me about your data breach) or fix your platform security problems.

Hi armorgames security team (if there is any):
My email address was used by spammers at 07/10/2019 12:59 PM. Since then i got several more spam mails.
I created this email address specifically for armorgames and never gave it to someone else.
So i can highly assume you either have another data breach now, or - since i was not contacted yet - you did not contact me for the data breach in january i just now learned of.
I've changed my email address now to a new one, again containing a random number in the local part to make dictionary guessing of that address very unlikely, but i would highly recommend to provide at least some way of directly contacting you about abuse over regular ways like a whois abuse email (which is not available since your cloudflare "protection" prevents this), an email address or at least a visible contact form on your page or anything like that. But you seem to make it hard to contact you for such cases, maybe you've already missed hints of problems with your page just because you make it too hard to contact you. Also in case of "reporting a bad ad" (which i got via email to an address i only gave you, so i assume it actually came from you) you state that "you can report this to us via the Support Forums or the Other section of our Contact Us page" where the "Contact Us page" is completely invisible to me no matter if i am logged in or not. I was not able find it even though i searched throughout all common and uncommon places for such a contact page. It seems to me that any hint in cases of abuse or data leak have to go through the forums preceeding a longer search of how to contact you and needing an account to be able to post to that forum. I suggest you should be more open for people who want to contact you for security related stuff (and actually partly do YOUR work for free by doing so), maybe that easy reachable way of contacting you alone could increase your overall security and prevent further data breaches :D :D :D please don't be THAT stupid to prevent people from telling you about your security problems ...
anyway either fix your processes (not contacting me about your data breach) or fix your platform security problems.

Showing 1-2 of 2

Categories

Quests

Community

Forums → Support Forum → Data breach