UNITY ASSET STORE BROKEN OR HACKED AGAIN?

So as today everytime tying to access the asset store whether through a search engine links or url directly the link is hijacked and sent to a page asking for login information such as username and password.

Appears unity store was hacked and now redirected to a fishing site. Happens multiple computers and different networks so Store is broken or hijacked.

Whats the story people? Or is this legit and asset store is private and not public? Or were you hacked?

We should not have to give out passwords to just look at an asset. feels completly wrong.

 

What link are you trying to access? It is working fine here

 

https://www.assetstore.unity3d.com/
www.assetstore.unity3d.com

any links from google, yahoo, bing search engines.

every time link is hijacked and then sent to : https://id.unity.com/en/conversations/1cf616b1-7a9d-4563-9081-49b5c8a8cf9c004f

or

https://id.unity.com/en/conversations/a5ec0fc4-f24c-4dab-a3e2-00dd69d19522018f
https://id.unity.com/en/conversations/d32e5a2b-d92b-4fb0-b8e6-5aa0d260896f002f
https://id.unity.com/en/conversations/182069d9-0915-491f-80b1-aad9185b27f4001f

See above...its appears maybe someone hacked it and has some script running that steals your info and sends it as a conversation to the hacker.

Links appear to be a scam. It changes every time. Only doing this on the unity site. No malware or virus at this end. Maybe unity is infected or someone hacked them and they have no idea.

It keeps trying to steal my credentials.

 

Seems to be acting normal for me.

 

FIX: reboot modem/router/network => clear all internet cache and cookies => new unity store is a filthy mess and causes grief.

It's now working as it should again. No longer asking me for my info and store loads as normal.

Insanely weird. I got facebooked that its a problem with the New store. It's so broken and being jammed down our throats and shoved in our faces constantly with all the errors and glitches and grossness.

New unity store acts like malware/virus and can cause you being stuck in a loop being forced to login just to look at an asset but rather then show you the asset it takes you to your downloads or when trying to access the store it will force you to login.

Thanks for all the info here and there. Why doesn't unity just take down that stupid broken store. its so frustrating.

 

Don't you think you're acting a bit off here? "New Unity Store is a filthy mess | acts like malware/virus"

Those id.unity.com links are genuine and seem to be used for logins on Unity's side (see here).

 

Pretty sure it's malware on your computer / whatever browser addons. Malicious ones will sometimes (but not all of the time) hijack a site your end. You then blame the website but it's just your computer. I think that's the case here.

 

Not at all. Its clear its broken and acts like malware by sending you to a completely different link and asking for credentials instead of showing you the store without the need for all your passwords. If the store was working correctly it would not behave the way it does.

 

Sorry but nope, was not malware. It's just bad coding and design. Clearing the broken/bad code that is cached by the browsers from website that created the bad cache works. Without knowing what exactly is happening one could quickly think they are infected or the site is infected. I have seen this before on other sites and it was a legit cross-scripting attack. It would be naïve to think unity is immune. They have been hacked before so it just a matter of time when it happens again. Not if...but when.

It's easy to blame a browser or addon but when its multiple devices and different browsers a little intelligent thought one can see the fault is not the browsers or addons since they are all different and edge has no addons or nothing. Same result...its clear anyone who tries to use the new store. it hasn't worked right since it launched.

The way it was explained to me is the store has bad coding. What happens is if you happen to have been logged in and even look at the new store and change your view to the old store but log out, the new store keeps thinking your logged in (bad coding) but your not so here its stuck in a loop and redirect you to your downloads instead of the store page. No matter what you do the new store coded mess thinks no matter what your trying to do you want to see your downloads, even if your logged out. So it constantly sends you to javascript JIT coded link/page that trying to get you to log in so it can show you your downloads. It doesn't matter if your logged out or anything. Your forced into your downloads.

New store doesn't care if your logged out, or want to browse an asset or just want to load the store...it demands to show you your downloads instead. Broken by design.

This is by broken design and not a virus or malware.

 

Sounds a bit different from stating Unity redirects to a phishing site though..? And I've tested it with 3 browsers but none of them exhibit your issue so it must be an unintended bug. Doesn't appear to be by design.

What do you suggest as a solution?

 

Allow me to teach you hippocoder about phishing and what it is...

In a nutshell it's when you think your on one page but redirected to another that looks legit but asking for your login info. For your review: https://en.wikipedia.org/wiki/Phishing

You see I tried to use: https://www.assetstore.unity3d.com/
it redirected to random links looking like: https://id.unity.com/en/conversations/a5ec0fc4-f24c-4dab-a3e2-00dd69d19522018f
Asking for username and password which this page is random generated everytime. It's not static and looks fake.

So you see, that is exactly how phishing works, just like this experience.

If this happens and you need the solution...just read my post as I already stated how to fix but here it is again:

SOLUTION /FIX: reboot modem/router/network => clear all internet cache and cookies

AND DO NOT USE THE NEW STORE OR ANY OF THE NEW STORE LINKS.

To see example....log into old store, then when you see the banner that says go to the asset store beta => click it and it will take you to your downloads instead of the store, then log out on that page. Then close and try to access the store through any links...your hijacked and forced to some random conversation page asking for your credentials.

I never logged in that way but I'm told that if you log in it will take you back to your downloads.

 

Seems like you've been told a lot of things. What further help do you require?

 

Yepp, phising works like that. Also OAuth. If you think it's wrong and phising (which is not, because id.unity.com is a legit Unity URL), then I hope you don't use google products for example, because they use oauth-like authentication as well. They redirect your browser as well.

 

1. We all know what phishing is and what it's not.
2. I just logged into the forum by clicking on the portrait icon in the top right corner, clicking on the "Log in" button and - oh wow - the link I was redirected to was "id.unity.com/en/conversations/[random_letters_and_numbers]". After logging in, I observed something with "api.unity.com/v1/oauth2/authorize" in the URL bar.

It's just for Unity logins. No phishing, no malware nor happening because of a broken/filthy Asset Store.