Pandora Review


140 replies to this topic

#1 gizmo

    Administrator

  • Administrators
  • 959 posts
  • Location: 3DXChat

Posted 02 July 2017 - 06:50 PM

Dear 3DXChat Community,

 

Recently on our forum there was a topic about a service which, according to its creators, can allegedly hack the 3DXChat server database and collect account data of our players, including old data that has since been deleted.

 

This is not true, they cannot get access to our database. But this service simply collects public data (for example profiles, pictures, gifts).
It seems they just scan the players' profiles every day (maybe even several times a day) and save all of the information collected.
Therefore, you can see the history of the profile changes there. We do not store old account data on our server.

 

I just want to remind you not to use your personal data in game profiles! Pictures, Names etc. Since this data becomes public for all players to view.

 

Also, if you want no one to find your alts, then just create a new account in 3DXChat with a new email.


  • Pierrousss, Leeloo, Nymphpott and 14 others like this

#2 chloe

    ♫ Queen of Bass ♫

  • Members
  • 3,236 posts
  • Location: ❤ Felia ❤

Posted 02 July 2017 - 07:00 PM

@gizmo: even if I have nothing to hide, I find that big brother data collection situation worrying. Isn't it possible to track those IPs downloading data above average and block them?
  • gizmo, Feuermond, AnyNameWillDo and 2 others like this

#3 RobT

    Optimus Prime

  • Members
  • 7,823 posts
  • Location: Michigan

Posted 02 July 2017 - 07:05 PM

What are they collecting? At maximum they are getting pics, profiles and avi names. 3DX doesn't store credit cards etc. You can view that stuff freely anyways.


  • Eugene, BrettSmith, Feuermond and 1 other like this

#4 UkiUkiJump

    Advanced Member

  • Members
  • 118 posts
  • Location: FEMM's Agency Syndicate

Posted 02 July 2017 - 07:08 PM

This still falls under the community rules, especially since a few people who have access to this 'hack' are using it to bully other players.
  • UrToy, ExHaran, Athene and 2 others like this

#5 Veronique

    Member of FoA MC

  • Members
  • 880 posts

Posted 02 July 2017 - 07:10 PM

How can they scan all profiles without accessing the database?


  • ExHaran and Achroi like this

#6 AnyNameWillDo

    Her North Star...

  • Members
  • 995 posts
  • Location: United Kingdom

Posted 02 July 2017 - 07:15 PM

Firstly, thanks for the feedback and showing that as a developer of the game you are taking this seriously and, I presume, beyond posting a response on the game's forum. A tool which is designed to make public things which people have a right to remain private - the names of alts, for example - undermines trust in your platform. That's neither good for players, nor for you. Whether or not the impact is profound is not really the point, it's the hijacking of the game by a third party and the way this affects the relationship between customer and provider which is key. A sex game lives or dies through the belief that privacy - and its protection - is at its core.


  • UrToy, ExHaran, ChiK73 and 4 others like this

#7 gizmo

    Administrator

  • Administrators
  • 959 posts
  • Location: 3DXChat

Posted 02 July 2017 - 07:24 PM

So I must warn you guys and you should understand that alts on the same account are not private data and there is a way to find other characters on the same account.

It's possible due to the option to ignore a whole account, because all avis on one account have the same tag or ID.


  • Pierrousss, Leeloo, Feuermond and 1 other like this

#8 Guest_Sven Bømwøllen_*

  • Guests

Posted 02 July 2017 - 07:25 PM

No panic!! The important data such as e-mail and credit cards cannot be read by anyone. These data are absolutely secure.


  • gizmo, Leeloo and Feuermond like this

#9 RomanFox

    Advanced Member

  • Members
  • 170 posts
  • Location: Europe

Posted 02 July 2017 - 07:26 PM

I have mixed feelings about this, so I'll just stay quiet and stick to the shadows on this one. Glad to see the developers caught on though.



#10 AnyNameWillDo

    Her North Star...

  • Members
  • 995 posts
  • Location: United Kingdom

Posted 02 July 2017 - 07:35 PM

So I must warn you guys and you should understand that alts on the same account are not private data and there is a way to find other characters on the same account.

It's possible due to the option to ignore a whole account, because all avis on one account have the same tag or ID.

Yes, of course, that is true but that takes a little effort, actually seeing an avi who is not on your friends list etc, as opposed to just typing names into a third party program, which also has the facility to see if someone is online or not, even if that person is not a friend. Linking avis to a single account is possible within the game, but that's a byproduct, not the intention of a specifically designed tool.

 

Anyway, looks like you're addressing this, so once again, thanks for the feedback...


  • chloe likes this

#11 RomanFox

    Advanced Member

  • Members
  • 170 posts
  • Location: Europe

Posted 02 July 2017 - 07:54 PM

On the other hand, you can't really blame someone for creating a tool that has been something that some people have been craving. With the amount of paranoia, fear and who knows what else... being fueled by bad experiences here, something like this was bound to happen. I'm neither approving nor disapproving of this tool... But I do understand why it got made.


  • Rockster likes this

#12 RobT

    Optimus Prime

  • Members
  • 7,823 posts
  • Location: Michigan

Posted 02 July 2017 - 08:08 PM

On the other hand, you can't really blame someone for creating a tool that has been something that some people have been craving. With the amount of paranoia, fear and who knows what else... being fueled by bad experiences here, something like this was bound to happen. I'm neither approving nor disapproving of this tool... But I do understand why it got made.

This isn't anything new; hell, over a year ago I recall a couple of people being banned for using this or something like it. They had told some people they had. If it doesn't connect to the server I'm not sure how one would stop such a thing unless you could encrypt the data somehow. I don't know enough about servers and such to say if that's possible.



#13 Abbey

    𝚁𝚘𝚢𝚊𝚕 ♔ 𝙺𝚒𝚝𝚝𝚎𝚗

  • Members
  • 659 posts
  • Location: United Kingdom ✿

Posted 02 July 2017 - 08:33 PM

The logical step would be to encrypt the data being sent out. It's kind of a large oversight to not encrypt and secure the data. By not encrypting data and securing the game's code, all the game data is left wide open to abuse and opportunistic third parties.

I hope this will be addressed seriously in the future. As without it all we seem to be seeing is a gradual escalation of third party abuse of the game and its users.

I'm sorry but no user or non-user should be able to scan the entire game's streaming data and collect information on every single player & put it up for sale.

 

Acceptance of this because they have not physically breached the database is not what I think we should be hearing.

 

I personally do not have any alts, but I found it funny how the solution offered to maintain alts' privacy is to sign up for another subscription £$.

Made me laugh a lot ლ(´ڡ`ლ) lol

 

Abbey


  • UrToy, Ashbash, Cordelia and 3 others like this

#14 Nitroo

    Advanced Member

  • Members
  • 559 posts
  • Location: Europe

Posted 02 July 2017 - 08:34 PM

Ty for the warning gizmo. I just wonder why they scan our data, what they need it for. Scary somehow.



#15 Nikki

    𝔓𝔯𝔬𝔪𝔦𝔰𝕔𝔲𝔬𝔲𝔰 𝔊𝔦𝔯𝔩

  • Members
  • 1,618 posts
  • Location: Seattle, WA

Posted 02 July 2017 - 08:45 PM

Ty for the warning gizmo. I just wonder why they scan our data, what they need it for. Scary somehow.


They do it because they can, and the paranoid people are willing to throw their money at those who can.

So yeah that might be the reason.

They can make money off people being paranoid.

Welcome to the internet.
  • ExHaran, Savvyrose, Xanar and 2 others like this

#16 RomanFox

    Advanced Member

  • Members
  • 170 posts
  • Location: Europe

Posted 02 July 2017 - 09:34 PM

And the solution to counter it is not to better secure the data, but to suggest a second subscription... ironic isn't it?


  • skully and Athene like this

#17 Riela

    Inactive

  • Members
  • 633 posts
  • Location: Europe

Posted 02 July 2017 - 09:49 PM

Hey Gizmo.

 

I just have a quick question: can this leak cause issues between you and BMT Micro?

Last time there was an issue about someone searching email and history on their site and it got fixed really quickly.

There are many of us who have 6 months + subscriptions; what would happen if someone reports you for a privacy breach?


  • Athene likes this

#18 Feuermond

    Advanced Member

  • Members
  • 239 posts
  • Location: ❤...in Missy's arms...❤

Posted 03 July 2017 - 05:06 AM

They scan public data... Well, how? Of course when I'm logged in my user ID or so needs to be sent out to make me visible to the others, of course my profile then can be seen manually and, as the data are there, they can also be read automatically.

As I am friends with others there are links to me and to my friends. Following these links would make my profile readable even when I'm not online. The friend list anyway should be private to the owner but the gift list is not. So from the gift list of a logged in user you can read the profiles of all who gifted him and this is cascaded; from the results you can again scan all who gifted them and so on. This could be easily broken if there would be only the information X gifted Y without X's profile linked. The question is if we want it.

I do not really see a serious technical issue here except somebody does an automatic big data which may be rated a poor moral.

What makes me more worried is the open and not encrypted connection in general. This should be addressed at once. If I understand things right this will prevent our logins from being hacked by man-in-the-middle attacks for instance but not from the scanning thing because in the end in my client the data need to be decrypted to be able to play. So don't think encryption can solve every problem. The issue addressed here by gizmo in my view is not an encryption issue and the reading of public data can indeed be done without database access.

Please see I just did some thinking and found things to be very plausible. I cannot guarantee that all this is right. Adding gizmo's hint not to post any real personal data in profiles I suggest strictly to have another game password than the one that provides access to the email account you play with here. Your email should not be scanned but it is good security practice anyway if for what reason ever there are leaks even though. For the same reason it is a nice idea to have different passwords for the 3DX and the forum here. And surely you do good if you follow the common rules for good safe passwords.

3DX for me is not that unsafe as some panic threads would imply. Maybe gizmo could have explained things a bit more in detail but at least I agree to his hints.

Update: I found a Pandora review which says the profile's data can be read without having one's own game account. That indeed first seems as if data are public which should be available to players only. Well, knowing Pandora is a service, not a standalone 3rd party tool, it is easy to imagine the service has one or more game accounts which are abused to collect the data. So in the background still nothing is public but some guys abuse their logins. These guys clearly know they are illegal as they provide their service in the Tor network only and if you pay them they want Bitcoin only.
  • ExHaran, chloe and PeterHard like this

#19 gizmo

    Administrator

  • Administrators
  • 959 posts
  • Location: 3DXChat

Posted 03 July 2017 - 06:46 AM

I just have a quick question: can this leak cause issues between you and BMT Micro?

 

No it's not. Because we have no privacy breach and no leak.

All the important private data regarding your orders is stored on the BMT Micro servers and it's impossible to get it. Also BMT Micro does not store credit card info.

The goal of this topic is to keep you guys informed, and warn you to not use your private data on public profiles, pics, etc.

Of course we at the dev team are trying to find out the best way to improve our game. For example we can implement data encryption between game client and server, also track and block IPs of scanners, or even rework the whole game architecture by removing player tags and the 'account wide' ignore option.

 

 

They scan public data... Well, how?

 

The same way as search engine scanners. Google crawler for example. It grabs all public data on websites and indexes / stores all captured info.


  • chloe and Feuermond like this
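Added example, not part of the thread and not 3DXChat's own code: a sketch of the "track scanners that download above average" idea raised in posts #2 and #19, counting distinct profiles viewed per day and flagging statistical outliers. The log fields, the account name `collector` and the thresholds are assumptions, and the sample records are constructed; it counts per IP and per account because post #18 suggests the collection runs through ordinary game accounts.

```python
from collections import defaultdict
from statistics import median

def make_sample_log():
    """Constructed records: (day, client IP, logged-in account, profile viewed)."""
    log = []
    # Ordinary players: each opens a handful of profiles per day.
    for n in range(1, 21):
        for p in range(n % 5 + 2):
            log.append(("2017-07-02", f"198.51.100.{n}", f"player{n}",
                        f"profile{(n + p) % 40}"))
    # One account reading 300 profiles, its requests arriving from ten addresses.
    for p in range(300):
        log.append(("2017-07-02", f"203.0.113.{p % 10 + 1}", "collector",
                    f"profile{p}"))
    return log

def distinct_views(log, key_index):
    """Distinct profiles viewed per (day, key); key_index 1 = IP, 2 = account."""
    seen = defaultdict(set)
    for rec in log:
        seen[(rec[0], rec[key_index])].add(rec[3])
    return {key: len(profiles) for key, profiles in seen.items()}

def flag_outliers(counts, k=10.0, floor=50):
    """Flag keys above median + k * MAD, and never below an absolute floor."""
    values = list(counts.values())
    med = median(values)
    # Median absolute deviation: robust to the outliers we are looking for.
    mad = median(abs(v - med) for v in values) or 1.0
    limit = max(med + k * mad, floor)
    return sorted(key for key, v in counts.items() if v > limit)

def detect(log):
    return {
        "by_ip": flag_outliers(distinct_views(log, 1)),
        "by_account": flag_outliers(distinct_views(log, 2)),
    }

if __name__ == "__main__":
    for view, flagged in detect(make_sample_log()).items():
        print(view, flagged)
```

On this sample the per-IP view flags nothing, since each address stays at 30 profiles, while the per-account view flags `collector`; that is why blocking by IP alone is a weak control here.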

#20 Feuermond

    Advanced Member

  • Members
  • 239 posts
  • Location: ❤...in Missy's arms...❤

Posted 03 July 2017 - 06:56 AM

I know crawlers do. I just asked myself how it could be done in a game I need a login for without the database being hacked.

I found my answer, shared with the community, all good for me :)
  • chloe likes this

