
Damage Control

Scripting Helpers community,

Today, June 30th, one administrator's account on our website was accessed by a third party. The attacker had access to the account for roughly thirty minutes before the website was locked down. The attacker edited content on the website, most notably our most recent blog posts, which have now been restored.


The attacker also had access to an incomplete admin panel. The admin panel could edit user permissions and display user logs. The user logs contain information about questions, answers, logins, user name changes, etc.


The attacker had access to all recent IP addresses and email addresses used by all accounts. It is unlikely that the attacker stored the vast majority of user information; it is more likely that he accessed specific accounts registered on our website that could be considered "high value", such as website administrators, Roblox administrators, and famous Roblox users.


We have no reason to believe that any other user information has been compromised at this time. Please note, however, that if your email is associated with a password in an account dump that has been posted online (from a previous hack of an unrelated website), then your ROBLOX username will now be associated with that information.

I would like to apologize on behalf of the entire Scripting Helpers team for this incident. We are truly sorry about this and we will try to do better in the future.

— evaera, Owner, Scripting Helpers

Posted in Site Updates

Commentary


Sqlz says: June 30, 2016
Indeed, I was online when this happened. :))))))
M39a9am3R says: June 30, 2016
As of this time, the accounts given admin have had the permission removed. The staff account that was compromised is under investigation and we are trying to make contact. We will be taking measures to improve the security of our website to ensure this issue does not occur to this extent again. Thank you for your patience as we are recovering from this incident.
koolkid8099 says: June 30, 2016
Having someone's IP address is not really a big deal. You would be in more danger giving out your street address to someone than giving out your IP.
Volodymyr2004 says: June 30, 2016
Do admins have access to my password and IP address?
ImageLabel says: June 30, 2016
^ + Is it possible that the intruder had explicit access to our passwords?
M39a9am3R says: July 1, 2016
With the intruder's level of access to the website, he did not have access to any user passwords. The only information the intruder was able to obtain was Internet Protocol addresses and email addresses. If you have further questions involving this incident you can contact us at [email protected]. Thank you.