Looks like the UGC Admins are aware of it now. The forums are unavailable.

ugc got ddos'd by an angry 12 yo in the past, im not surprised this happened

and nothing of value was lost

I got some warning on my Gmail saying that my account was tried to be accessed from Ukraine, unsure whether or not is it affected with this or the Steam fuck up with last evening. Either way I don't even use the same password in both UGC and Gmail or Steam.

The link I provided said: UGC has been hacked, your emails, IPs and passwords were leaked, also follow some random account on twitter, so yeah probs a 12 year old fucking around.

So we're still trying to get things sorted out. Here's what we know so far:

• The attacker gained administrative privileges through an unused account that had administrative rights
  
• The attacker had administrative access to the forums and executed control panel actions from 5:25am EST - 5:51am EST
  
• The attacker created an email list of board members. It is safe to assume he retrieved it and stored the list on his local machine
  
• Passwords were not compromised as there is no way to receive password hashes from the forum itself. The attacker never had access outside of the vbulletin admin panel. (Yes password are hashed and salted)
  
• Other actions included altering forum permissions then deleting forums, leaving only the recruitment and general forum behind
  
• There is no "quick" or "easy" way to receive IP addresses from users as an administrator must go from profile to profile and manually copy and paste last login IP addresses.

We are still investigating, however it appears that the only damage done was a leak of email addresses as well as loss of forum data. If anyone has any information that they would like to share, add me on steam and leave something on my profile so I know to accept it (too many spam bots add me so I generally ignore friend invites).

hope you guys get things under control for the upcoming season, its a real pain when this sorta thing happens

so it wasnt because your forum runs a outdated forum script?

http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/4250687-security-exploit-found-in-vbulletin-4

-

The people that do this often have some sort of severe mental health issues. People always say "hackers have autism xd", but in reality they most likely have some sort of severe depression or social awkwardness IRL and that carries over to the internet as well.

They get some sort of twisted high by making other people miserable/ inconveniencing them, and when people react to it, it makes them feel more worthwhile and or they like the attention they get from doing it.

at least passwords aren't in plaintext anymore

ya i dont think anything u said is remotely true nor does it contribute to the conversation

ive actually never heard somebody say 'hackers have autism'

im pretty sure there was just some low level ugc player who was mad at ugc admins for something and googled a vbulletin script

a lot of gray/blackhat guys are just bored more than anything

also ive noticed the people who consistently try to pin autism/depression/mental health issues on others tend to be the most unstable/unhappy themselves

funny how that works

wait, so they left behind the general and recruitment forums, but deleted everything else? did they not realize that those were the only 2 public forums anyone used? lmao... hope you guys can fix this idiot's work and retrieve the lost stuff :/

I believe you're confusing UGC with ESEA

https://www.reddit.com/r/truetf2/comments/30d8hf/ugc_stored_passwords_in_plaintext_you_should/

:^)

Good fucking job UGC

And here people were saying UGC never gets coverage on TFTV!

It's unfortunate it happened over Christmas, thank you for taking the time away from your family to remedy the problem.

Well, the forums are back now. Have fun.