Data Leak 2006-1997 - Please Read!

Koi-Wish
Founder
Posts: 309
Joined: Wed Jan 22, 2014 3:51 pm

Post by Koi-Wish »

Dear Community,

There was a bit of a data leak of “historical” Underlight data; it was inadvertent and not a result of any mistake on KoiWare LLC’s part. The data was ONLY First and Last Names as well as Email addresses associated with characters in 2006. No other personal information was included. The leak was a result of the owner of UL’s original code (not the owner of KoiWare) giving permission to a previous member of our development team to place UL’s code “public” on GitHub. Along with the code, the database from 2006 was uploaded into GitHub. The real names and email addresses were not purged from that database before it was uploaded. Once we were made aware of this, we acted; even though it was not necessarily our place to do so, we acted on behalf of the community. Again, I stress, no critical personal information was leaked. It was only real names and 14+ year old email addresses associated with characters from 2006 back to initial launch. It was accidental by the poster and certainly not malicious.

Below is a rough timeline of the leak and actions taken:

  • August 2018: Prior member of KoiWare, LLC obtains authorization from owner of Underlight to go open source. OpenUL is established via KoiWare, LLC's version of source code from 2018 and establishes their own Underlight OpenUL repository via GitHub. This is identified as beginning of data leak to public.

  • June 22nd, 2020: KoiWare, LLC is informed of the leak and the team begins process to protect the UL community by opening a ticket with GitHub support to have the leaked data removed from OpenUL's repository (and forked repositories). The leaked data included first and last names with email addresses from 2006. Passwords were among these; however, they are server generated passwords from the Lyra Studios era (1998 - 2006) game and not from KoiWare's live player database. The passwords are effectively meaningless as players did not have an option to create their own dream character passwords.

  • June 22nd, 2020: KoiWare, LLC reaches out to owner of OpenUL repository to inform of the data leak reported.

  • June 22nd through August 18th, 2020: Continual communication between the owner of Koiware LLC and GitHub regarding the nature of the leak, the actions needed to be taken, and progress as results are obtained. GitHub originally insists we contact fork owners (Fork owners were additional public copies) but eventually removed the data themselves on August 18th.

  • July 16th, 2020: KoiWare, LLC obtains access to OpenUL repository and performs git purge operations of leaked data.

  • August 18th, 2020: GitHub Support removes forks with leaked data from OpenUL's ULServer repository.

  • August 31st, 2020: KoiWare, LLC posts an announcement of the data leak via the forums, as well as emails end-users whose email addresses cross-referenced from the leaked data on OpenUL's repository to those that currently exist in KoiWare's current database.


Again, I cannot stress enough that this was “ONLY” real names, and email addresses used in 1997-2006 Lyra Database, no other additional personal information was made public. It has since been purged and wiped and we are now addressing the community on the matter.

If you have any other additional concerns, or would like more specific information, please reach out to us directly at the following email address: openul-dataleak2020@underlight.com. The subject will not be discussed through any other email or public medium.

Thank you for your continued support.

Brian Clementoni
Producer, Koiware LLC.