What a fun weekend it’s been! Friday night I unfortunately had to break the news that Club Penguin suffered a security lapse resulting in stolen information and in my case, also a penguin account. If you haven’t read that post yet I recommend you do before reading this one. Either way, I’ll summarise:
- Sometime within the past month (a guesstimate) two or three (rumoured) Club Penguin cheaters/hackers managed to get in to Club Penguin’s moderator panel
- Since they have access to the moderator panel they can look up player information, such as mine
- They looked up my information, took screenshots, and showed a few people
- Someone with the screenshots, Sentrix, called up Club Penguin pretending to be me to see if he could get my penguin moved from my parent account to his
Now for the follow up post. I’m still annoyed that this whole incident happened. Mad is too strong of a word. I’m not really disappointed either, since I can understand companies have security flaws and nothing is foolproof. However, I decided to go public with the knowledge that Club Penguin had the break in because I more or less had had it and this was the final straw. Item adders and coin adders pose no security threat to the game, other than the fact that they can log passwords. Club Penguin seems to not care much about them since nothing has been done about the second wave of item adders going around. There was the initial item adders that began last Summer but didn’t gain a whole lot of traction until almost a year later, this Summer. There was also the supposed DDoS attack that took Club Penguin offline for some time in July 2013. Then, in May of this year there was also the issue where someone somehow took control of Club Penguin server and could control other penguins, bypass the filter, and more. If interested, click here to watch a video of it happening. Please note I’m being serious when I said they managed to bypass the filter, as there is a bad word or two said by a penguin in the video multiple times. I don’t condone that type of language so watch it at your own risk. There was also the bad language in the postcards hack, a Club Penguin cracker done by guessing passwords when fed a list of usernames and what to guess, and who knows – maybe there’s more. So with all that having happened in the past year and a half you can pretty much understand my frustration when I find out Club Penguin had this serious of a security breach and decided to go public about it. Based on what I’ve been told (nothing is confirmed) it seems the hackers only looked up the info of some individuals such as myself and didn’t get *everyone’s* data. (and if they did, I sure would hope Disney would come forth about that) I do know at least one other individual’s information was looked up besides my own but I will not be saying who.
Chances are your information is safe anyway. The hackers aren’t going to care about Xogirl23’s information or Hockeybro99’s information. Unlike the casual players of the game, I guess I am considered “high profile” as I’m famous or well known due to my blog and large amount of Twitter followers. I would not be surprised if the hackers looked up info of other famous Club Penguin blogger such as Chrisdog or even Club Penguin employees such as Polo Field or Spike Hike, but again, this is just a guess. I have no confirmation of what exactly the hackers looked up besides my own information as well as the information of another Club Penguin player who is close to me. Apparently, however, Club Penguin did have an email leak a year or two ago so the private email I had Trainman1405 under was also known by the individuals who accessed it back then.
A lot of you are probably wondering “did you get your penguin back?” the answer is yes. Brodude/Sentrix did give me a password to login to Trainman. Before I made my post on Friday I did email Club Penguin Support to get the penguin back and by Saturday afternoon it was back in my hands, passwords reset and secured so the parent account can not be changed anymore. So thank you to the team for that.
Was I ever worried about my penguin never being given back? No, not at all. I was confident it would be returned. Even if it wasn’t, I had no intentions to quit. Not even this whole security breach made me want to quit. Quitting is just overreacting in my opinion. Yes, I’m not happy with this happening, but I don’t think that is a logical reason to quit unless you’re already losing interest in Club Penguin and needed a reason to.
One other thing I wanted to mention is this, and a few people said it to me. They said that because I said Club Penguin’s security sucks and made them look bad by posting about the security breach, I’ll probably never get a job with them. If that’s the case, then oh well that’s too bad and it’s my fault. It just wasn’t meant to be. I’m not going to censor what I write about just for the possibility of getting a job with Club Penguin at some point in the future. I believe the readers of my blog have a right to hear all Club Penguin news, good or bad, happy or sad. I’m not going to write about Club Penguin only in a positive light just so I can stay on the good side of them and possibly work for them in the future. I find that silly. Whether or not a security breach affects just me or all Club Penguin players, you still have a right to know about it. That’s my two cents about it anyway. Besides, I’ve already had to take down two or three posts in the past upon Club Penguin’s request and they were not nearly as serious as this incident. If I have, a scoop worth writing about, believe me, I will make sure I write about it. As for what Disney plans to do now in terms of the hacking, I do not know and I doubt they will publicly say anything. If there is anything else worth posting related to this incident you can count on me to post it.
Thanks for sticking with me through all this, and it’s good to have my penguin back. :)