MX Security Incident March 2023

On the 2nd of March ManiaExchange experienced an isolated security incident. As a consequence services were voluntarily shut down by MX admins while the scale of the incident could be investigated.

What happened?

A crew member was targeted by an attack and their ManiaPlanet account breached. The attackers have accessed their ManiaExchange account by logging in through ManiaPlanet login and then used moderator tools to gain further access rights (privilege escalation).

Few other moderator accounts were then used to change and post troll content into some of the sites of the MX Network, which seemed to be the main objective of this attack.

During this time the attackers have been able to view the following data for a very limited amount of users:

• E-mail addresses
• Paypal transaction IDs
• IP addresses
• Ingame logins

No Paypal emails though.

Soon after the account breach, the attack was noticed and an admin shut down the websites to prevent further invasive actions. An immediate investigation was performed.

Our actions

We did not want to keep the websites online knowing data security was at stake. Therefore we decided to conduct a thorough investigation of the incident before restoring service.

The results of our investigation uncovered vulnerabilities which we have removed now with new site updates. Additionally, we removed the possibility to login and have access to moderator functions using external login methods (like Ubisoft or ManiaPlanet).

Afterwards our efforts concentrated on restoring data lost or changed in the incident to its previous state. That required a thorough, and therefore time-consuming, inspection of the databases.

With security increased and data recovered, we were able to restore the sites less than 24 hours after we initially took them down. More actions to further increase security will follow.

Affected users of the breach have been informed.