Search Unity

  1. Unity 2019.2 is now released.
    Dismiss Notice

Unity site hacked?

Discussion in 'General Discussion' started by ForceX, May 1, 2017.

  1. AcidArrow

    AcidArrow

    Joined:
    May 20, 2010
    Posts:
    5,747
    Too much "S*** happens" not enough "we're sorry we messed up" I think. And the answers are generally evasive and vague.
     
  2. Martin_H

    Martin_H

    Joined:
    Jul 11, 2015
    Posts:
    3,817
    (from the FAQ on the blog)

    What is that supposed to mean? Are there sites where I can enter my username and password combinations and they check it against all their known database dumps? If so, to me that sounds like a crazy risky thing to use, because those sites could either be compromised or phishing sites in the first place.
     
  3. r618

    r618

    Joined:
    Jan 19, 2009
    Posts:
    788
    yes, there are actually ( without entering password, of course ) - e.g. https://haveibeenpwned.com/
     
    angrypenguin, APSchmidt and Martin_H like this.
  4. Martin_H

    Martin_H

    Joined:
    Jul 11, 2015
    Posts:
    3,817
    Great... all my mail adresses have been in breaches except for the one I meant to be the throwaway gmx address.The Unity breach was not listed, but an Unreal breach was, that I don't remember hearing about. Also I didn't know I have an account on their forum but seems like I do.
    Thanks for the link.
     
    movra likes this.
  5. TenKHoursDev

    TenKHoursDev

    Joined:
    Nov 9, 2014
    Posts:
    1,040
    Its probably good that we now know this has occurred. Many hacks go on undetected for months or the company gets held for ransom and never tells anyone.

    Funny, I saw the 2FA and immediately enabled it but I had no idea this had occurred til now. I just checked my inbox but aside from a strange new Unity newsletter subscription, I have nothing from "outmine" at Unity as the Unity post suggests.
     
  6. AcidArrow

    AcidArrow

    Joined:
    May 20, 2010
    Posts:
    5,747
    We only know because they defaced the forums though :)
     
  7. Billy4184

    Billy4184

    Joined:
    Jul 7, 2014
    Posts:
    4,535
    I'm not entirely sure that this has anything to do with it but anyway...

    After being prompted to change my password by Unity, I changed it (duh) to the same password as my email. Then early yesterday I have a successful sign-in to my account from an unrecognised device. Also, when I went to log in to facebook, I had to sign manually, whereas I'm usually automatically signed in. Passwords seemed to be unchanged, so I went ahead and changed them without a problem.

    Anyway, I don't know if this was a result of the hack, or something else, but it would be a hell of a coincidence. So maybe the site is still dirty.
     
    Martin_H likes this.
  8. TenKHoursDev

    TenKHoursDev

    Joined:
    Nov 9, 2014
    Posts:
    1,040
    D'oh!
     
  9. aliceingameland

    aliceingameland

    Unity Technologies

    Joined:
    Apr 18, 2016
    Posts:
    143
    I believe it means accounts have been checked against known hash lists from other known compromises, not specifically this incident. You can check yourself via a site like haveibeenpwned.com.
     
    Ryiah and AcidArrow like this.
  10. AcidArrow

    AcidArrow

    Joined:
    May 20, 2010
    Posts:
    5,747
    Thank you, that makes sense. (maybe it should be clarified in the blog post itself? it's very confusing the way it is phrased right now)