#1 Edited by Rorie (2778 posts) -

Hey all,

Today we experienced a bit of a security breach on the site. You may have noticed that there were a number of banned users during today’s livestream. (These bans are not forum bans, and you should be able to access future chats without any problems.) After we cut off the chat to figure out what was going on (apologies about that - that was a fun video, and BioForge is a great game), the esteemed gentleman moved on to our forums. Some wikis may have been deleted, wiki points may have been reset, and I learned some startling new facts about the length of my penis. We’re looking into reverting any damage, but the damage to my ego may be, alas, irreversible.

One point to make clear: we have no reason to believe that user passwords, personal information, or any billing information was accessed. All of that stuff is stored in separate data stores, not accessible from our website itself. At the moment, we believe that this intruder only had access to the ability of staff members to manipulate the wiki and forums. Yes, that is bad, but hopefully you’ll agree that it could be worse. We’re going to be auditing all of this stuff, of course, and will let you know if we discover anything more serious.

These kinds of events are part and parcel of doing business on the internet. Obviously we wish it wouldn’t happen, but when it does, we at the very least learn new things about securing our site so that things like this don’t happen again. I’m not going to guarantee that it won’t, as our Moriarty seems to be both talented and dedicated, but at least we know more about how to protect our site than we did this morning.

Again, apologies if any of this caused a disruption in your normal methods of accessing the site. If you have any continued problems that you think might be related to this, please email support@giantbomb.com. If you have any personal concerns that you don't wish to air on the site, please email me at matthew.rorie@cbsinteractive.com. And if you were responsible for these events, we'd definitely love to talk to you. I'm sure you can figure out how to get in touch with us as you like.

Staff
#2 Posted by Demoskinos (14722 posts) -

Awesome, good to know that (at least for now) the top men have sealed the proverbial leaks. I've still got Faith of the heart in Giantbomb.

#3 Posted by noby_guy (91 posts) -

Thanks for the update Rorie. Glad you guys are on top of things.

#4 Edited by TruthTellah (8720 posts) -

Thanks for the update, Rorie. It stinks that they focused on you a bit, but I'm sure your genitalia is reasonable and dignified.

So, is there reason to believe that this is currently under control? And are there signs that this has a connection to the attacks last week? Will we find out in the next few days about any new efforts to secure Giant Bomb from more attacks like this in the future?

#5 Posted by ReyGitano (2467 posts) -

Wow, I was busy today and missed the live show, but that sounds like insanity. Hope everything ends up fine.

#6 Posted by mikecardii (236 posts) -

I had no idea about the breach because it happened while I was at work, but thanks for the update. Love the persistent transparency of Giant Bomb.

#7 Edited by Daveyo520 (6676 posts) -

We just need to digitize you into the computer world to battle him head-on @rorie.

#8 Posted by AleeN634 (248 posts) -

Thanks for the update Rorie.

#9 Posted by ILikePopCans (748 posts) -

I liked the part where the guy made a poll asking if 50 should be banned... and the winning answer was yes.

#10 Edited by kkotd (293 posts) -

Was looking at the threads just a second ago and then this popped up on Twitter. Looks like you guys had a hell of a day. Glad that things are being fixed though and that there's communication about this towards us. That's one thing that's always seemed lacking when the site went haywire in the past. Thanks Rorie, keep up the good work.

#11 Posted by Draxyle (1822 posts) -

Those are some petty, sad, bored people to hack their way into a videogame website just to cause a disturbance.

Glad to hear about what was going on, I had thought a mod was trying to be funny until you all had to drop the chat entirely. Really a shame they chose such a fantastic stream to muck up.

#12 Edited by Rorie (2778 posts) -

@truthtellah: The person did indeed identify himself as the same person who was around last week, and we have no reason to disbelieve him. As far as the events go, we haven't noticed anything untoward in the last hour or two.

As far as the security issues go, I'm not sure how explicit we want to get with that - anything that we make note of will likely be used against us in future attacks. I'll discuss it with the engineers, though. Might be an interesting blog in it somewhere.

Staff
#13 Posted by wefwefasdf (6729 posts) -

Thanks for the update, Rorie. You're doing an awesome job--it's great to have you around!

#14 Edited by Demoskinos (14722 posts) -

@rorie said:

@truthtellah: The person did indeed identify himself as the same person who was around last week, and we have no reason to disbelieve him.

As far as the security issues go, I'm not sure how explicit we want to get with that - anything that we make note of will likely be used against us in future attacks. I'll discuss it with the engineers, though. Might be an interesting blog in it somewhere.

I dunno, I'm thinking you still might be hacked. I see a severe lack of puppies in this post.

#15 Posted by TyCobb (1961 posts) -

Parameterize your queries!

#16 Edited by MistaSparkle (2148 posts) -

Good job everyone! GB is clean again...or at least, as clean as we left it which is...ugh...

Still good to be back to normal!

#17 Edited by Rorie (2778 posts) -

@rorie said:

@truthtellah: The person did indeed identify himself as the same person who was around last week, and we have no reason to disbelieve him.

As far as the security issues go, I'm not sure how explicit we want to get with that - anything that we make note of will likely be used against us in future attacks. I'll discuss it with the engineers, though. Might be an interesting blog in it somewhere.

I dunno, I'm thinking you still might be hacked. I see a severe lack of puppies in this post.

Staff
#18 Edited by Sammo21 (3251 posts) -

This is why we can't have nice things.

#19 Edited by TruthTellah (8720 posts) -

@rorie: As long as there is some kind of confirmation that new steps have been taken, I'd say that might be enough for reassuring people. As you said, specifically laying out new measures may actually be used against Giant Bomb; so, I think people would understand not being explicit about it. Members just want to feel reasonably safe around here.

#20 Posted by Ben_H (3335 posts) -

@tycobb said:

Parameterize your queries!

I just covered that in a book I am reading so I find that immensely humorous.

It is good to hear things are under control. It was getting pretty goofy for a bit there.

#21 Posted by Silver-Streak (1343 posts) -

@rorie Don't let the lies posted by the intruder get you down. I'm sure your genitalia is like this (poor) dog.

Far too large for what is considered normal, and yet somehow still adorable.

Wait...what?

#22 Edited by TyCobb (1961 posts) -

@ben_h said:

@tycobb said:

Parameterize your queries!

I just covered that in a book I am reading so I find that immensely humorous.

It is good to hear things are under control. It was getting pretty goofy for a bit there.

Nice. It truly is amazing how many applications exposed to the public just run ad hoc queries with little or no validation while using values given right from the user.
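As an added example of the ad hoc-versus-parameterized distinction TyCobb is describing (this is not code from the thread or from Giant Bomb's code base), a constructed sqlite3 users table is queried both ways with the same input; the table, the sample names and the function names are all assumptions.

```python
import sqlite3

# Constructed sample data standing in for a forum's users table (not Giant Bomb's schema).
SAMPLE_USERS = [("rorie", "staff"), ("tycobb", "member"), ("villainy", "member")]


def make_db() -> sqlite3.Connection:
    """Build an in-memory database with a tiny users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT PRIMARY KEY, role TEXT NOT NULL)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def lookup_adhoc(conn: sqlite3.Connection, name: str) -> list:
    """The ad hoc pattern: the user-supplied value is spliced into the SQL text,
    so whatever the caller types becomes part of the query grammar."""
    sql = f"SELECT name, role FROM users WHERE name = '{name}'"
    return conn.execute(sql).fetchall()


def lookup_param(conn: sqlite3.Connection, name: str) -> list:
    """The parameterized form: the value travels separately from the SQL text,
    so the database only ever compares it as a string literal."""
    sql = "SELECT name, role FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def compare(name: str) -> tuple:
    """Run both lookups on the same input and return (adhoc_rows, param_rows)."""
    conn = make_db()
    try:
        return lookup_adhoc(conn, name), lookup_param(conn, name)
    finally:
        conn.close()


if __name__ == "__main__":
    # A legitimate username behaves the same either way.
    print(compare("tycobb"))
    # A constructed value whose quote character closes the literal early:
    # the ad hoc query returns every row, the parameterized one returns none.
    print(compare("' OR '1'='1"))
```

Running the two lookups side by side on the same input is the check to keep in a test suite: if they ever disagree, a value is being treated as SQL rather than as data.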

#23 Posted by Zero_ (1973 posts) -

I'm absolutely appalled at what little attention is being brought to the severe issue of Rorie's penis. As a paying member of this website, I feel we are entitled to know what exactly was said.

#24 Posted by Demoskinos (14722 posts) -

@eujin: Awww that video is depressing. Poor pup.

#25 Posted by JJOR64 (18939 posts) -

Crazy. Just read this post.

#26 Edited by villainy (554 posts) -

@truthtellah: I've been popping "GmZ was here" into good old Google occasionally to see what comes up. This one from last week doesn't show up in my search results anymore but is still cached. The same tag spent some time on @gamer_152's post here (since deleted).

I want to trust that our login information is kept fully separate from the site content itself but the fact that www.giantbomb.com and auth.giantbomb.com point to the same Amazon ELB IP addresses is a little disconcerting. I'll admit that while I understand various load balancing techniques I don't have much experience with ELB specifically so maybe those two hostnames are actually going to separate EC2 instances. There's nothing I'd like more than for the engineering team to shut down my paranoia with some knowledge bombs (once they've cleaned up here and had some sleep of course).

Superficial website attacks growing into privilege escalation exploits and full-on server rooting are pretty rare, but I have had to help deal with the aftermath and it sucks. Hard. I have no reason to believe this was anything but a trolling run, but like I said before, it's just my paranoia is all.

#27 Edited by cooljammer00 (1605 posts) -

Pfft, I know the truth. @rorie got the illest dick.

#28 Posted by blorbagush (28 posts) -

I was there. The story will be told by my children's grandchildren to other people's grandchildren, and on through the ages. The chat acquitted itself well; comrade after comrade stood defiant against the threat, at great personal risk. Many were lost, but their spirits will live on forever.

#29 Posted by villainy (554 posts) -

@tycobb said:

@ben_h said:

@tycobb said:

Parameterize your queries!

I just covered that in a book I am reading so I find that immensely humorous.

It is good to hear things are under control. It was getting pretty goofy for a bit there.

Nice. It truly is amazing how many applications exposed to the public just run ad hoc queries with little or no validation while using values given right from the user.

Never ever look at the results of an automated (customer approved) injection scan through a medium-large shared hosting environment. The horror...

#30 Edited by StarFoxA (5144 posts) -

This is yet another opportunity to stress the importance of using a password manager, especially considering how many web accounts the average Internet user maintains, and the frequency of security breaches nowadays. Even if there wasn't a password breach, having that kind of security is well worth it.

I personally recommend KeePass.

#31 Edited by LtSquigs (265 posts) -

For the record we do clean all our queries and any input coming in :)

#32 Posted by Ezakael (930 posts) -

Considering the amount of time I browse these forums I always seem to miss all the drama. Glad to see everything is doing alright now.

#33 Posted by Monkeyman04 (1044 posts) -

@rorie I'm glad that you have updated us on the situation and I hope it gets dealt with in a timely manner. Also here is a gif of a puppy enjoying a vacuum.

#34 Edited by TruthTellah (8720 posts) -

The oddest thing to me is that the person behind this is clearly a current or former Giant Bomb user. Probably a former Premium Member, as well. And one that has some sense of humor. A pretty iterative sense of humor, but a very Giant Bomb style of humor nonetheless. There's a real personal vendetta here. But then, it isn't purely destructive. It's just wanting to mess around and get attention.

Seems like they're from North America or Europe; my guess would be the United States by their style of English. And they were at least around for the last site redesign. They're fully aware of who Rorie is, and I get the distinct impression they are familiar with the former user Hizang. But that may just be a coincidence. Their speech was very male, as well, with a sort of puerile homophobia. I'm guessing they used to do a decent bit of wiki editing, as well. It seems like their joy in this was feeling like their grievances over what they regard as past "censorship" of their unpopular opinions were finally being seen by the staff.

I think it's also worth noting that there didn't really seem to be a great deal of vulgarity. The focus was more on being childish and disruptive than vulgar or destructive. That suggests to me someone who has enjoyed Giant Bomb in the past but feels that they have been wronged in some way deserving of harassment. It's more of a needy cry for attention from a site they care about, as they quite clearly could have done more damage and made a bigger mess than they did.

#35 Edited by mrpibb (469 posts) -

@villainy: The auth address is purely for https purposes (which is why the two addresses go to the same ELB). The web servers go to different backends to do their jobs (data for giantbomb, password/login auth for auth). Much like rorie said, we keep the passwords, billing, and other personal information on different data stores. We'll probably do a post-mortem blog sometime down the line once we're sure we've closed the security holes both to drive discussion and provide visibility.

Staff
#36 Posted by Duffyside (888 posts) -

Rorie, I'm so sorry about your penis. :(

#37 Posted by mikecardii (236 posts) -

#38 Posted by daedaluss (32 posts) -

I bet it was Dave!

#39 Posted by McGhee (6094 posts) -

It would be funnier to think that a mod just went crazy and started banning people and making jokes about Rorie's penis.

#40 Posted by gaminghooligan (1434 posts) -
#41 Edited by TruthTellah (8720 posts) -

@mcghee said:

It would be funnier to think that a mod just went crazy and started banning people and making jokes about Rorie's penis.

That's what some people thought at first, but then it became clear that something else was happening. Plenty of people thought ZombiePie had finally lost it, but he had nothing to do with it.

That would certainly make a more entertaining story though.

#42 Posted by villainy (554 posts) -

@mrpibb: Thanks very much. I try to assume you guys are smart enough to do stuff like this right but I've seen too many horrendous data security situations is all. Sometimes I need some reassurance. I truly appreciate the follow up and I would love a post-mortem. This crap is both frightening and fascinating.

@ltsquigs: You'd better or little Bobby tables is gonna have your ass!

I for one think the mod team and staff have done a great job keeping the conversations for this on track while still letting the GB forums be the forums. Great job and many thanks to everyone who has surely had a hell of a night.

#43 Edited by BisonHero (6396 posts) -

@truthtellah: While I agree with your general assessment of "childish and disruptive" (and I would also append "sad and petty"), I think it's rather premature to read such a specific intent to this individual's action. Maybe he's perfectly happy with Giant Bomb, but is the kind of 15-year-old dick raised by 4chan who causes trouble when he notices a security loophole, instead of quietly sending a PM to someone on the Giant Bomb staff. We just don't know.

Also, could everyone please not discuss this to death? The party responsible for the attack is probably going to keep an eye on the forums to soak up all the attention in the aftermath of the attack, so denying him that attention seems like the appropriate move.

#44 Edited by chikin_n_rofls (139 posts) -

Whoa, crazy. I had no idea this was going on. When the chat poll asked to ban people I answered "yes." IT'S ALL MY FAULT.

#45 Edited by TruthTellah (8720 posts) -

@bisonhero: I think discussion around it is still rather minimal, and as long as it is within the context of demeaning an el1te haxxor kiddie, I don't see the harm in it. We just shouldn't go spreading his name or giving direct attention like that.

As for why I hypothesized his specific intent, it's because I'm going off direct comments from him to me and others throughout the day. They gave every indication that it's someone who was formerly a member of the site and holds a childish grudge. They didn't make any demands, but they absolutely presented that this is about some kind of disruptive vengeance. And it wasn't about ruining Giant Bomb. It was just about making sure Giant Bomb knew that they are displeased and don't know a constructive way to express that displeasure.

#47 Edited by TruthTellah (8720 posts) -

Whoa, crazy. I had no idea this was going on. When the chat poll asked to ban people I answered "yes." IT'S ALL MY FAULT.

You monster!

Take him away, boys.

http://farm8.static.flickr.com/7164/6812082757_f1d34ba9f9.jpg

#48 Edited by Rorie (2778 posts) -

In terms of the individual behind all this, it seems relatively clear that he or she has visited Giant Bomb in the past. I didn't see too much in the way of clear reasoning behind the events, but I'd love to hear more. Feel free to reach out to me via PM or the contact addresses above if you're reading this.

Staff
#50 Posted by Dizzyhippos (1395 posts) -

Only this site would turn a post about security issues into a puppy topic, I love this site so much lol