PDA

View Full Version : Regarding Habbo Security


Ivan
02-07-2011, 04:32 AM
As many of you are aware, there have been many security exploits on Habbo Hotel tonight

As a precaution I advise all users to NOT CLICK ON ANY LINK like this:

http://**********/rpx

There are many links going around, and if any more information is required by yourselves, then i advise checking

http://www.habboxforum.com/showthread.php?t=708657


HotelUser has posted what is currently happening and steps YOU SHOULD TAKE to prevent being exploited and hacked.

As you may be aware the Management team here take users security VERY SERIOUSLY and will do ANYTHING to prevent any bad issues from happening

Should you see any users posting links like that or above, or indeed Broken images...

DO NOT CLICK ON THEM OR EVEN LOOK AT THEM - REPORT THE POSTS OR USER(S) IMMEDIATELY


This thread will be updated upon updates to this Situation by Administration

[announcement source HxF (http://www.habboxforum.com/showthread.php?t=708657) via TH (http://www.thishabboforum.com/showthread.php?p=303703#post303703)]


NOTE: We suggest whilst you are logged into Habbo, you are recommended not to visit any other sites during that time you are logged in. This also includes forums as a safety precaution. If you would like to use the forum, please stay logged out of Habbo and preferably use a different browser to that of the one you use for Habbo. If you have just signed out of Habbo, please do not visit any sites for 10 minutes.

Ivan
02-07-2011, 04:36 AM
Some temporary measures have been put into immediate effect:

- Have and will continue to keep short URL services filtered for the meantime
- Have filtered the use of IMG bbcode
- Have filtered the use of URL bbcode
- Have disabled users from uploading signature images as a precaution
- New users will be accepted upon moderation by an administrator

Ivan
02-07-2011, 06:21 AM
We are still enforcing some temporary measures until Habbo announce/give word that this has definitely been patched.

The following still stands:

- Have filtered the use of IMG bbcode
- Have filtered the use of URL bbcode
- Have disabled users from uploading signature images as a precaution
- Have disabled the mp3 bbcode - so links do not work

Kild
02-07-2011, 11:10 PM
There is still some considerable concern that this exploit remains active; the latest advice, courtesy of MrCorn is:


Be careful with what links you click, avoid clicking short url links.
Avoid visiting any websites that you haven't visited before/only visit sites you trust.
Don't click links directly from habbo.
To avoid getting your habbo hacked all together just use a separate browser for habbo.
We'll keep you updated with any revelations that occur.

Ivan
05-07-2011, 01:39 AM
There is still some considerable concern that this exploit remains active; the latest advice, courtesy of @MrCorn (http://www.hffmforum.co.uk/member.php?u=7087) is:



Be careful with what links you click, avoid clicking short url links.
Avoid visiting any websites that you haven't visited before/only visit sites you trust.
Don't click links directly from habbo.
To avoid getting your habbo hacked all together just use a separate browser for habbo.

We'll keep you updated with any revelations that occur.

- We have re-enabled Links on the forum so they should work now. But PLEASE BE CAREFUL on any links you click.
- New users will no longer be moderated, but the standard valid email address will still apply as usual in order to confirm that your email linked to the account is real.
- [img] tags for the time being will remain filtered until further notice from Habbo to one of our administrative team.
- For the safety of our users, url-shorteners/habbo.com/hab.bo links will still be filtered also until further notice.

That's all from the updates on this issue for now.

Ivan
06-07-2011, 03:43 AM
- Images are now unfiltered so you may once again use them. If you spot any suspicious images or broken images, please report it straight to a forum administrator or moderator.
- We will continue to filter url-shorteners and habbo links for the time being.

I urge all users to always be careful on any links you may click. Again, if you spot any suspicious links, please report it ASAP to a forum administrator or moderator.

Kild
06-07-2011, 05:22 PM
Habbo Staff have now confirmed a patch; thank you to 0rca.

Recently, starting 30th June we discovered some cases where hackers have been sending safe and official looking Habbo links in Habbo Hotel chat or in Web forums. If links have been clicked, hackers might have been able to get access to the victim's Habbo accounts. This security hole has now been fixed on Monday. In order to prevent additional problems, users whose accounts have been compromised are temporarily under security investigation and not able to log into the hotel at the moment.

Q: I tried to log into Habbo and there's a text saying my account has been temporarily closed. Is that for real?
A: Unfortunately yes. We are investigating few accounts that may have been compromised. Please be patient. We will send you more information as soon as possible.



Q: My account has been closed. When I can play Habbo again?
A: Our security team is working on the case constantly. We hope that we can open your account in 24 hours or latest, in a couple of days.

We will be resulting back to a normal forum service within the next few hours, and we apologise for any inconvenience caused.

Ivan
06-07-2011, 05:57 PM
The last temporary measures have now been lifted:

- url shorteners and habbo links are now re-enabled.
- you may upload signature images once more.


Sorry for any inconvenienced caused during this issue. It was our incentive to protect our users as best as possible from such exploits.


Regards,
HFFM

Kild
11-07-2011, 06:23 PM
Habbo have today published more information regarding last Friday's security breach.

The security investigation mentioned below is still continuing today:


https://help.habbo.com/entries/20252246-important-safety-informatio...

We are currently double-checking all recent account activity for a
small, select group of players in order to identify and address any
potentially suspicious or fraudulent actions. While most users involved
in this investigation were already cleared and unbanned last week, this
intensive double-checking process requires us to keep this smaller group
banned for the next day or two.

We apologize that the investigations are taking longer than initially
expected, but rest assured we are working as expediently as possible to
get all Habbos back into the Hotel promptly and securely.

The Habbo Team