Security breach

Nomad
June 19th, 2016 18:20

Due to a security breach we alert our users to a possibility that accounts could have been compromised and recommend a password change for everyone.

Earlier today we found an intrusion into our main webserver. This led to parts of our database being stolen, including user data.

The attack got in via a compromised admin account, and an exploit in some old legacy code on the site. This led to remote access to our main webserver, from where access to the database was possible.

The bad news is that the entire user database was dumped. The only silver lining is that all passwords were protected with bcrypt, a strong hashing algorithm that makes mass password decryption attacks unviable. We however still regretfully have to ask you all to change your passwords, as a targetted attack even on bcrypt encrypted passwords is a possibility.

Furthermore all users have been auto logged out of their accounts as a security meassure.

We are terribly sorry about this incident, and no one is more sorry than me personally, you entrust us all with your data, and we should keep it safe. It is not good enough, and we take full responsibility.

I will instruct the entire programming team to focus on tightening up security across the entire site, but for everyone affected, I realise that this is of little help.

All we can do is say sorry, and hope you will still trust us in the future.

If you have any questions or concerns, write them below and I will do my best to answer.

#1
 | 
Nepal blackieJESUS 
damn hltv :/
2016-06-19 18:20
lol
2016-06-19 18:22
#359
 | 
Croatia MikadiN 
How to even change passowrd here. Can't find it.
2016-06-19 22:42
How to even grammar here. Can't find it.
2016-06-19 23:44
#382
 | 
Croatia Makz_CRO 
first of all, he mistyped a word. secondly, and just to put it out there, not everyone has flawless knowledge of the english language. and for last, suck a bag of dicks you yellow teeth garbage. you deserved my rage more than he did yours. good day
2016-06-20 02:32
#400
 | 
Germany MrMaxiKing 
+1
2016-06-20 08:37
first of all, you're a third world BRICKHEAD. secondly, and just to put it out there, everyone should have flawless knowledge of the english language. and for last, go EFF yourself you racist yellow teeth garbage hater. You deserved my rage more than he did yours. Good day!
2016-06-20 09:05
Croatia is a third world country? Just because you don't recognize a flag doesn't make the country a third world country, dipshit.
2016-06-20 10:33
Croatia is certainly a third world country. Because you're a CEMENT SKULLED fool, and I'm an American, this makes me right. and FUCK THAT BAGETTE
2016-06-20 20:58
expected low IQ from murican
2016-06-20 17:25
what a salty idiot you are
2016-06-21 11:46
dont be a bloody wasteman ya cunt. he prob knows more languages then you punk bitch
2016-06-23 21:44
Don't worry Nomad, we still love you.
2016-06-19 18:21
#279
 | 
Europe tvbanan 
Nomad, it's okay. We dont have here some interesting info, or some top secret stuff. it's just ours hltv profile we click on everyday and do some comments :)
2016-06-19 19:52
Don't say for everyone. Hackers hacked HLTV to get accessto my account to detect my real flag. Thet's some vital information you know...
2016-06-20 13:46
#422
 | 
Europe tvbanan 
so you are saying you are not HONKONG ? :OOOOOOO
2016-06-20 14:25
fuck anyone who bans me 4 no reason
2016-06-19 20:32
Ohhhhh, that. Yea, you are supposed to be banned.
2016-06-19 23:15
stfu fatty
2016-06-20 00:57
You just turned a 6 year ban into a 60 year ban.
2016-06-20 04:44
bet u posted a letter to get first comment then edited to that noob
2016-06-19 18:21
sherlock holmes here guys
2016-06-19 18:33
no shit
2016-06-19 19:47
#63
 | 
Europe Pl4yed 
expected from hltv, that is why I use my smurf password here
2016-06-19 18:25
this is why ence lost to brazilians, hackers did it, in reality score is opposite
2016-06-19 18:39
Great, I had to make a new account. But overall, what keep this from happening again? A firewall only lasts so long.
2016-06-20 05:18
lol
2016-06-19 18:20
#4
Turkey ioNNN 
gg
2016-06-19 18:20
#5
 | 
Portugal SidneiGama4 
ok
2016-06-19 18:20
n1
2016-06-19 18:20
#7
 | 
Iraq 4st 
rip
2016-06-19 18:20
#8
 | 
United States EdwardMcGreg 
i was don't know this details
2016-06-19 18:21
my paypal just got hacked, thanks hltv
2016-06-19 18:31
i was don't know this details
2016-06-19 18:22
Then you're a retard for using the same password on hltv.
2016-06-19 20:19
ofak
2016-06-19 18:20
lol
2016-06-19 18:20
wat
2016-06-19 18:20
#13
 | 
Iceland _natas_ 
Preben what have we done wrong ? Is this because we are not from Denmark ?
2016-06-19 18:21
#14
Germany ynck 
keylogger lost my hltv account
2016-06-19 18:20
#15
 | 
Argentina ZaraLarsson 
WHAT
2016-06-19 18:20
oh noes
2016-06-19 18:20
fuck
2016-06-19 18:20
#18
KIZMO | 
Finland kizmo 
RIP
2016-06-19 18:20
#19
 | 
Hungary Shaperz 
rip
2016-06-19 18:20
rip
2016-06-19 18:21
#21
bENNY | 
Europe Naitee 
damn
2016-06-19 18:21
#24
rain | 
Lithuania Lu/K/G 
OMG I LOST MY PC
2016-06-19 18:21
#25
 | 
United Kingdom Recks 
expected
2016-06-19 18:21
i dont care XDDDDD
2016-06-19 18:21
lurpiss tried to hack
2016-06-19 18:21
ok Im calling flusha
2016-06-19 18:21
lol no one cares if their hltv account is hacked
2016-06-19 18:21
#259
 | 
United States MAY0 
If you have your email linked and you use the same password for your email then rip
2016-06-19 19:38
then you are retard
2016-06-20 13:56
KEYLOGGER Kappa
2016-06-19 18:22
so what is the hacker avaiable to see? passwords?
2016-06-19 18:22
Username, email and a strongly encrypted version of your password - en.wikipedia.org/wiki/Bcrypt
2016-06-19 18:22
it's sad only because hacker was available to see your email, only it is, but I wish you good luck with fight vs hackers :)
2016-06-19 18:28
What about email address?
2016-06-19 18:28
Was leaked. :(
2016-06-19 18:29
#126
 | 
Brazil minimovz1 
search engine apparently not working
2016-06-19 18:33
#170
 | 
United States L0MAA 
ya i got a bunch of junk emails about hot single brazilians in your area all yesterday lol
2016-06-19 18:43
wow.... just wow... email and password leaked. Nice work :(
2016-06-19 18:44
can i come and work for you ? i code
2016-06-19 19:00
If you can come to office in Denmark every day, we can talk about it :)
2016-06-19 19:00
actually i can .. waiting for my severance pay from sap and i might move to denmark . hows the work culture at hltv :D
2016-06-19 19:02
I try to make it as horrible as I can for my employees, but I do not always succeed!
2016-06-19 19:02
can we watch matches while we code .. i just need to know this bit
2016-06-19 19:04
Rarely any matches on during our workday ;)
2016-06-19 19:04
ill be writing to you via hltv when i get my cheque . looking forward to it . will send linkedin/resumes everything later .. okay ?
2016-06-19 19:07
what savages will stick with my current job & "working from home" during big LANs ;D
2016-06-19 19:39
I can code too! Make me an offer! :)
2016-06-19 19:39
#111
 | 
Syria feetbanana 
i know the guys dat did it they were just joking
2016-06-19 18:31
so what's my email adress
2016-06-19 19:40
#373
 | 
Syria feetbanana 
didnt get the dump yet first i will hack handbanana one
2016-06-20 01:03
#117
Hobbit | 
Spain Alser 
So I guess we should beware for social engineering and phishing to our email acounts? :/
2016-06-19 18:32
Yes, but I think we should always be aware of that though.
2016-06-19 18:32
#127
Hobbit | 
Spain Alser 
True, thanks for fixing it quickly.
2016-06-19 18:35
#243
 | 
Europe Pl4yed 
Just a quick question, why isn't there an option to recover an account with it's email? I see an option using the username, but I don't remember my old username...
2016-06-19 19:11
So now hackers can shitpost my from my account?
2016-06-19 19:05
Is there a reason as to why after changing the pass and having it set as remember me it keeps asking me to login again every time i leave the site and come back? Ive already signed in 3 times and all is well up until i leave the site and come back
2016-06-19 21:24
Stop using incognito!
2016-06-20 06:03
2016-06-20 21:16
oh no seems like they hacked my POLISHFAKEFLAG3RDWORLD account, what do i do now :(((((((((((( RIP
2016-06-19 18:22
password changed!
2016-06-19 18:22
Is okayy, we still love you guys :)
2016-06-19 18:22
#37
 | 
Germany 1criT 
At least steal the ads instead of the user data
2016-06-19 18:22
#284
 | 
Israel Encryp7eD 
lol
2016-06-19 19:56
xD
2016-06-19 20:29
Expected
2016-06-19 18:22
RIP
2016-06-19 18:23
RIP
2016-06-19 18:23
How do you even change your password? Its not on "edit profile" like you would expect.
2016-06-19 18:23
yes it is u noob xDDDDDDDDDDDDDDDDDDDDD
2016-06-19 18:23
So "Password" and "Password again" is supposed to mean change your password? Only someone who doesn't read English properly would expect that.
2016-06-19 18:33
stfu BOT offensivefarmer :XD
2016-06-19 18:33
Hows puberty working out for you?
2016-06-19 18:34
good XD
2016-06-19 18:35
its in "edit profile" under extra
2016-06-19 18:25
Yeah I can only seem "password" & "password again" wtf does that do
2016-06-19 18:25
it changes your password.
2016-06-19 18:32
it didn't even say the password had been changed though + it doesn't even require your old password? waatttttttttt
2016-06-19 18:32
ikr pretty bad coding, i tried changing through there too, but then after that i still had to use my old one :D *edit* works now
2016-06-19 18:38
it looks like this, yes. chrome asked me if it should change my password on this website so i think it changed.
2016-06-19 18:34
well fuck haha, I hope it changed
2016-06-19 18:35
it gave me an email with a new password wtf and the password is totally random like "dvc2rduif" wtf hltv :(
2016-06-19 19:08
lmao wtf is going on
2016-06-19 19:09
[*] hltv but it makes me laugh because there is totally nosense at that xD
2016-06-19 19:10
ripe
2016-06-19 18:23
#45
XANTARES | 
United Kingdom Weldo 
god damn SWEDISTAN
2016-06-19 18:23
Rip my 16k comments
2016-06-19 18:23
#48
NEO | 
Romania Prometeu 
what if this post is fake? how do we know wich admin account was compromised?
2016-06-19 18:24
#49
 | 
United States MAY0 
What could one do with hltv account info?
2016-06-19 18:24
shitpost oh wait
2016-06-19 18:25
:DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD
2016-06-19 18:33
Hack your email
2016-06-19 18:27
#86
 | 
United States MAY0 
Ah didn't think about that ty
2016-06-19 18:28
They could expose all famous users
2016-06-19 18:28
fak rip me
2016-06-19 22:13
Who :>
2016-06-19 22:21
cygaN_m
2016-06-20 14:30
some people use the same password on multiple sites instead of using a password vault someone on here with password123 is probably having gay porn images posted on his facebook wall right now
2016-06-19 19:41
#265
 | 
United States MAY0 
People like me FeelsBadMan same password for everything since 2005
2016-06-19 19:41
get this: pwsafe.org/ you can use your current password to unlock the password safe & just have random 16 character passwords for each site
2016-06-19 19:59
#293
 | 
United States MAY0 
Thanks mate I'll start using it...cheers from America
2016-06-19 20:01
Good job thanks a lot
2016-06-19 18:24
#51
1mpala | 
Ukraine he-he  
So are you sure there's no backdoors left? Since everyone needs to login again, and hackers could sniff unencrypted plain passwords during this process
2016-06-19 18:24
#52
Denmark DMGZ 
Damn :o
2016-06-19 18:24
Thanks now I have to change 100 other passwords... And how hard is the encryption? Can they still find the password of me or is it near to impossible? Kinda weird since you guys force a fuck ton advertisement and a promote gambling but still dont have the security top notch...
2016-06-19 18:24
why u would have to change other passwords? u use same name for other things? XD
2016-06-19 18:26
Yes, I use danlord for the most things. Except for steam and other accounts where I have real real money.
2016-06-19 18:27
hahahaha... same password same name for everything.. LOL NOOB!
2016-06-19 18:27
Well not exactly same passwords... But I have no clue why somebody would for example hack my reddit. My reddit is btw different (DanlordNL) but its almost the same. And for some websites I use lastpass.
2016-06-19 18:28
It's just a way to remember more easily.
2016-06-19 18:30
Daniel, I must admit that I like Danlord more over xScorxPiusx or TheZwerfer14.
2016-06-19 22:03
You see how easy it is :( But I am happy daniel is my internet name and not my real name ;p Hence why my name is daniellord aka danlord. and my steam is phone protected so nobody is ever going to get my steam >:) :D
2016-06-19 22:07
They'd need to brute force. Anyone using common passwords are probably already compromised (password123, PA55word etc). The rest depends on your password's complexity howsecureismypassword.net/
2016-06-19 19:43
lol if you type password123 it will take 1 month, my password takes about 10 seconds lol
2016-06-19 20:36
just because password123 isn't in the list of commonly used passwords the site checks...would probably be in the hacker's list I guess
2016-06-19 20:49
#395
 | 
Turkey beniskam 
165 million years ayyy
2016-06-20 07:29
I forgot to say it's a keylogger, thanks for your skins ;D
2016-06-20 08:52
#404
 | 
Turkey beniskam 
i dont have skins lol
2016-06-20 08:56
not anymore ;D
2016-06-20 09:25
it's not directly reversible but the hackers can run a common list of passwords through bcrypt and find any matches in the database basically if ur password is password ur fucked
2016-06-19 22:56
Well my password is like a random combination of letters and then numbers. Odds would be kinda small that they will get 1 of my passwords. That is a good thing..
2016-06-19 23:18
FUCK YOU CHEATING HACKERS, RUINED MM, RUINED HLTV
2016-06-19 18:25
Nice hltv!!! Fucking idiots
2016-06-19 18:25
lost my virginity
2016-06-19 18:25
#58
 | 
Israel selukvey 
I DID!
2016-06-19 18:25
IS THIS HAPPENS BECAUSE WE ARE FROM HLTVIA????
2016-06-19 18:25
can't even find a change password feature on edit profile?
2016-06-19 18:25
Its where it says "password" and "password again"
2016-06-19 18:26
So should we change our email passwords too?
2016-06-19 18:26
#97
 | 
Canada wizQ 
ONLY IF YOU'RE A sad cunt.
2016-06-19 18:29
if you use the same password as you did here. If so...don't do it again pwsafe.org/
2016-06-19 20:52
Rekt
2016-06-19 18:26
I don't have enough energy to change my password xD
2016-06-19 18:26
same
2016-06-19 19:18
since you mentioned it's an admin Account how can u possibly know if it's hack or an attack from the inside ?
2016-06-19 18:26
#69
 | 
Finland jayss 
ok
2016-06-19 18:26
my paypal just got hacked, thanks hltv!
2016-06-19 18:26
no prob, gl
2016-06-19 18:26
#74
 | 
United States TruthEmbargo 
You should have a professional test the site for any sort of possible intrusions at least twice a year, this is extremely cheap and easy to get done.
2016-06-19 18:27
HACI IS BACK
2016-06-19 18:27
#78
Denmark polo 
pw changed i'll try not to lose it again ;)
2016-06-19 18:27
as soon as I downloaded the app and registerd an account with hltv.org (to be able to use the app in the first place -.-) I made sure to use an old throwaway password, expecting something like this to happen.. but I didn't expect it to be so soon :|
2016-06-19 18:28
hltv doesnt need a good password... although some people bet on this site and the hacker can maybe all in on for example teamflyingdicks vs fnatic so you lose all the money/coins.. HLTV is just not good enough for betting with money security wise. It is only because of the ez money for nomad & co but they dont seem to care that kids will get gambling addictions.
2016-06-19 20:57
yeah I agree with you on some parts of your comment, and I really don't use a "good" password anyway.. it's just that you need a hltv account to be able to login to the iPhone App and use the push service for news notifications .. at least if they haven't changed it in the meanwhile. I'm not into betting so I really don't pay attention to the whole thing, besides i use uBlock to cancel out most of the ads and betting features anyway. just feels bad for the rest of the users that may be using multiple accounts with the same password (even if most should be aware thats a stupid thing to do)
2016-06-19 21:20
Sorry but I am not going to use a complete different password for each website and game. Yes lastpass is maybe good but it doesnt fill in certain games and such... I might start using lastpass again though.... even on hltv.
2016-06-19 21:23
#80
Hobbit | 
Spain Alser 
password changed Email recovery didn't work btw, had to change it from "Edit Profile". I don't know if this is the case for everyone
2016-06-19 18:28
#81
 | 
South Africa OrionS 
RIP
2016-06-19 18:28
I'm probably just blind but where do I change my pass?
2016-06-19 18:28
In edit profile, in the "Extra" section, simply set your new pass there, and save it.
2016-06-19 18:28
thank you, Nomad
2016-06-19 18:29
Nomad, can you tell me where can I change my email? I mean the actual email where the site will send me an email if I forget my password.
2016-06-19 19:55
IT WILL BE YEEARRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR RRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRRR RRRRRRRRS BEFORE YOU CAN HACK ME ~Papa Dunk
2016-06-19 18:28
#89
Sweden JKLY 
xD
2016-06-19 18:28
This breaks my achy breaky heart :(
2016-06-19 18:29
my password for hltv is unique so im saved ;P
2016-06-19 18:29
inb4 our passwords will be on darkweb market
2016-06-19 18:29
Shouldn't you be able to catch those criminals?
2016-06-19 18:31
I'm working on it!
2016-06-19 18:39
2 months from now "WELCOME TO NEW LEADING COUNTER - STRIKE SITE WITH AWESOME PLAYER STATS"
2016-06-19 18:29
#98
World m4x3 
password changed! There should be a password change button on the homepage thou.. for easier access
2016-06-19 18:29
Good that I used a weak password on a weak site then xdd
2016-06-19 18:29
xddd
2016-06-19 18:31
We have a minor issue, so hang tight, we will be back soon!
2016-06-19 18:29
wow ok i am lucky i use throwaway password xaxaxa
2016-06-19 18:29
0€ balance on PayPal now, ty guys
2016-06-19 18:29
BileDani can afford the damage.
2016-06-19 18:31
He is poor af, I make 50 000€ / month
2016-06-19 18:33
But do you get 360girls a year?
2016-06-19 18:34
Yes
2016-06-19 18:41
okay.
2016-06-19 19:06
If I use the same pass on my email and here should I change both?
2016-06-19 18:30
yes.
2016-06-19 19:49
rip me
2016-06-19 18:30
god damn it nomad get your shit together
2016-06-19 18:30
#108
 | 
Poland Marcines 
rip hltv
2016-06-19 18:31
gg
2016-06-19 18:31
#114
 | 
Europe gen0s 
well shit
2016-06-19 18:32
#115
 | 
Greenland duedue 
:( saderinho
2016-06-19 18:31
#116
 | 
Russia Reph 
rip hltv
2016-06-19 18:32
Keylogger lost my users database.
2016-06-19 18:33
hey m8
2016-06-19 18:34
wtf r u want peasant?
2016-06-19 18:37
stfu I fuck ur daddy
2016-06-19 18:38
nt low evul japan citizen. The red dot in our flag is your daddy anus raped by me.
2016-06-19 18:39
lol im evil japan president
2016-06-19 18:44
U r the official evil japan clown.
2016-06-19 18:45
stfu now son
2016-06-19 18:48
nt my favourite toilet cleaner.
2016-06-19 18:52
#128
 | 
Czech Republic MrM4sl0 
Cannot even change my password from that code what I got nice HLTV.
2016-06-19 18:33
Go to edit profile, it has two password fields.
2016-06-19 18:34
#139
 | 
Czech Republic MrM4sl0 
I did already 4 times. But I still have to log with code.
2016-06-19 18:36
Not sure exactly what you are saying, you go there, change it, but still have to log in with your old password?
2016-06-19 18:35
#142
 | 
Czech Republic MrM4sl0 
Yes
2016-06-19 18:35
#185
 | 
Brazil vicTHOR 
may a pay a fuck with you? how many?
2016-06-19 18:47
#130
XeqtR | 
Hong Kong wqnxy1 
keylogger, lost finish esport organisation ENCE eSports
2016-06-19 18:34
IF I'LL LOSE ANYTHING, I'LL SUE YOU, KTHXBYE
2016-06-19 18:34
sorry,it was me
2016-06-19 18:36
"old legacy code" cant you use your fucking skin money to update documented vulnerabilities?
2016-06-19 18:36
It was custom code for the site, so there were no documented vulnerabilities in it. It was forgotten as it was an old admin feature. It is no excuse, but it was not some remote code execution thing.
2016-06-19 18:37
Even far more secure sites where they have more money than these guys get hacked, simply put it happens so calm your tits, I've had countless emails from places like ubi saying they had a breach and to change my pw, guess what I've never changed my pw and fuck all has happened, just because a guy dumps everyones details doesn't mean your life is over, welcome to the internet.
2016-06-19 19:11
HLTV.org is great - time after time they have proven they are on the community's side. Immediately when they get compromised they let us know which is always stressful and difficult to do.
2016-06-19 18:36
hltv REKT gj thank mr breaker
2016-06-19 18:37
np m8, was ez.
2016-06-19 18:43
I don't know how all this works, but do they have our E-Mails now as well?
2016-06-19 18:38
Hello?
2016-06-19 19:53
yes. Hltv names emails and the encrypted version of ur password. But easy passwords with less than 8 letters / numbers will be decrypted like instantly I guess... it depends on what computer / server the hacker has.
2016-06-19 21:01
did they get access to our IP addresses?
2016-06-19 18:38
you wot? why do they need ip adresses from random users?
2016-06-19 18:46
If i get ddosed my internet wont work for the next 2years until they install fiber optic. So yeah don't want to risk that.
2016-06-19 19:00
best move house to be safe m8
2016-06-19 20:54
lol
2016-06-20 21:01
i blame that faggot that keeps posting csgoat.com spiderman code. i think he is behind this shit
2016-06-19 18:39
Do they have the passwords already? Or i need to change any password that is the same as my hltv account? Please answer.
2016-06-19 18:40
They see your email, Username, and a heavily encrypted version of your password, so in theory if they wanted to crack the encryption they could, but it would take time. Though I still would recommend changing up passwords
2016-06-19 18:42
u should assume it will go public and you shouldnt be too worried unless you know. out of ~750k accounts a guy can choose to try logging in with the leaked email and password the chances of ur info getting used is id say pretty slim unless the guy sets up a login bot or something similar, (i think this opart is hard, google has that human verification thing after all)or some guy is targeting u specifically. i did this with the leaked MT accounts. it was fun peeking inside other people emails but gets pretty stale after some time(especially considering the userbase, it was full of anime stuff u know) but other people are not me, they might use ur email to register to porn sites xddd
2016-06-19 18:55
:(
2016-06-19 18:40
1. Is the database public? 2. I can't get a password reset email for my main _beaN_ Thanks,
2016-06-19 18:41
#163
Australia BCP 
youre not perfect, these things happen every now and then. hope this wasnt too damaging
2016-06-19 18:41
#164
World gLp 
I hope you used a strong random salt with a decent cost parameter
2016-06-19 18:42
RIPinPeperonis
2016-06-19 18:42
#166
AdreN | 
United Kingdom Lonom8 
My house exploded thanks hltv
2016-06-19 18:42
Maybe start using httpS?...
2016-06-19 18:43
Wouldn't have done anything in this case.
2016-06-19 18:46
sure, but it is easy to implement with letsencrypt for example
2016-06-19 18:53
It is a bit more complicated because of our various push services, we are working on it.
2016-06-19 18:53
push services are garbage, I just like going to the top of the page & seeing the red count
2016-06-19 19:46
The scorebot for instance is push too..
2016-06-19 19:47
ok, that I like. bookies work fine with it + https though
2016-06-19 20:00
Yes it is possible, just in our current set up we need to make some changes first, it is on the todo.
2016-06-19 20:01
if the UK goes to shit after EU referendum I can be your dba, 80k euros np
2016-06-19 20:02
Thats socket.io Right?
2016-06-20 06:15
Why not have 2FA enabled on at least accounts with higher levels of access?
2016-06-19 23:51
oh no what if someone takes my precious hltv acc
2016-06-19 18:43
I mean like... what's the benefit?
2016-06-19 18:45
You should watch out they could try to breach the site again, and remove the old code as fast as you can, i hope you guys fix everything :)
2016-06-19 18:46
#182
 | 
Belarus Starvoid 
#pray4hltv
2016-06-19 18:46
tbh i dont even know my password
2016-06-19 18:46
did they use an sql injection?
2016-06-19 18:47
No.
2016-06-19 18:47
nah, im too lazy to change it you can might as well take my acc haxors
2016-06-19 18:47
#194
 | 
Germany TiwaZ 
k
2016-06-19 18:50
#GG
2016-06-19 18:48
How can we be sure that nothing like this will happen in the future?
2016-06-19 18:49
We can't.
2016-06-19 18:50
#196
 | 
Germany TiwaZ 
you cant. Everything that can be created can be breached.
2016-06-19 18:50
rich people problems
2016-06-19 18:49
:(
2016-06-19 18:49
Were the passwords salted?
2016-06-19 18:54
Yes, heavily, google bcrypt for more details.
2016-06-19 18:53
#211
BnTeT | 
CIS IphoneX 
1. Do they also have email history or something like that or just the current e-mail used on the account ? 2. And related to the passwords, do they only have a hash or something like that ?
2016-06-19 18:58
Only current email. They are hashed and salted with bcrypt.
2016-06-19 18:59
That is good. Then the passwords should be safe. Good to know that you are focusing on security from now on. You should probably enforce encryption on all personal data you posses, aswell as access controll restrictions in your RDBMS to start with.
2016-06-19 19:09
There were restrictions, but they got in via the main webserver that for obvious reasons needs to have access. I will instruct my crew to set up even more strict security, new lessons were learned.
2016-06-19 19:09
#217
 | 
United States TruthEmbargo 
While that helps, it certainly hasn't stopped plenty of hacks previously, this includes the use of bcrypt. Two rules for any website use: 1: Always use a unique/throwaway password per site 2: Don't enter an email if you're not required to For example, instead of cracking the bcrypt hashes directly (which would be insanely slow), there's way more efficient approaches that I wont detail. I'm quite certain that with time someone will crack all these passwords, there's plenty of articles explaining the process =/
2016-06-19 19:00
2016-06-19 19:51
#371
 | 
United States TruthEmbargo 
I'd rather not put the link out in the open, just for good measure. (PM me if you want it). But it wont be many years until encryption is useless, in time computers will have so much power than they can crack all these combinations in a few days, including all the hashes associated... Encryption is all about computing power. Nothing more.
2016-06-20 00:33
rip all the money in my hltv account :(
2016-06-19 18:51
EZ 4 ENCE
2016-06-19 18:52
#204
 | 
Brazil mexicowss 
lost my 1k user id account ;(
2016-06-19 18:54
i dont remember my password how to change it?
2016-06-19 18:55
#207
 | 
United Kingdom FEodAL 
anyway to get back old account without email reset? havent received an email yet which means used very old email
2016-06-19 18:55
nice one got acc back after relogin!
2016-06-20 03:19
#424
 | 
United Kingdom FEodAL 
still cant reset password, do not receive the email for some reason, can anyone have a look?
2016-06-20 17:01
hahahahhaah hacked by lizard squad
2016-06-19 18:55
how did you find out the database got compromised ? as well as how did you find out where the exploit came from ?
2016-06-19 18:59
Some odd traffic. Logs showed how the exploit was done.
2016-06-19 19:00
Alright, fair enough. glad you could work this out.
2016-06-19 19:01
no please dont steal my 1-7numberguy accounts :(
2016-06-19 18:59
rip xD
2016-06-19 19:00
#221
India vU^ 
Sorry Nomad, I won't do it again.
2016-06-19 19:00
my hltv account can get hacked? oh noes
2016-06-19 19:04
bullshit HLTV
2016-06-19 19:05
ISIS ATTACKING HLTV RIP
2016-06-19 19:05
RIP lost my pc
2016-06-19 19:05
RIP MY INVENTORY
2016-06-19 19:06
Again!
2016-06-19 19:06
Might not be useful with HLTV but you can check if your email has been compromised in any website here : haveibeenpwned.com/ Anyway guys, use different passwords for each site to be safe even if one site get hacked ;)
2016-06-19 19:07
now i know why all my knives are gone...
2016-06-19 19:12
any idea on the # of accounts they got data of? still thanks for the heads up on this.
2016-06-19 19:13
All of them sadly, the entire table was dumped.
2016-06-19 19:25
All I need to know if they have my email address or not. Do they? Or is it just the username and password?
2016-06-19 19:48
They have emails too.
2016-06-19 19:48
#294
 | 
Israel Encryp7eD 
nvm
2016-06-19 20:11
thanks for the quick response :) will make sure to swap out passes on everything
2016-06-19 22:25
Np, i will change my password from 12345 to 123456
2016-06-19 19:17
"All we can do is say sorry, and hope you will still trust us in the future." Why would we? you just showed how incompetent you are. Who would ever trust in a site like yours with some super secret password, you just have to use completly different nickname and password than in any other game
2016-06-19 19:23
#250
 | 
United States TruthEmbargo 
Plenty of sites gets hacked, the big ones with IT departments worth millions, and the smaller companies. There's no way to completely protect yourself in the world of today. Anyone can penetrate any security, any computer, any software.
2016-06-19 19:26
Boy, this things with websites is not like you might imagine: perfect! It's human made. So *everything* is human made, is crackable.
2016-06-19 19:32
#256
 | 
Singapore Nephalith 
Things happen. PSN was hacked by Anonymous a couple of years ago, obviously a few users were wary thereafter but that doesn't mean SONY is incompetent. To be fair, this was the first major security breach here. It's just unfortunate that this had to happen. I trust Nomad and the guys to get this sorted.
2016-06-19 19:37
Bad example. Sony was incompetent. Iirc they had the breach revealed to them, did nothing and were hacked again. Your point is right, though.
2016-06-20 01:59
did you use plain php to write the website, or some kind of framework?
2016-06-19 19:26
how the fuck can someone exploit my HLTV account against me? why would I care if it's stolen or not
2016-06-19 19:31
I guess the problem would be if you had yoru e-mail on here and the same password as the one you use to your email, paypal etc.
2016-06-19 19:57
nah, at non-important sites I use very simple passwords, while emails and other important stuff i use different capitalisation symbols etc.
2016-06-20 09:21
Yeah, it was more of a general point. That's how they can use peoples hltv accounts against them.
2016-06-21 00:54
Nomad prepare to be sued I'm calling all 5 of my lawyers for this
2016-06-19 19:36
that happens when you are not ban the faggots around here. half of them are mental sick
2016-06-19 19:36
Is it true that a sex tape of nomad was released?
2016-06-19 19:37
it was on pornhub but got removed due to beastality
2016-06-19 19:52
rip my 27k profile hits :(
2016-06-19 19:38
#263
 | 
Europe k3nny/// 
ez 4 ENCE
2016-06-19 19:40
gg
2016-06-19 19:47
how much?
2016-06-19 19:50
is it too late now to say sorry?
2016-06-19 19:50
ez 4 ENCE
2016-06-19 19:53
Good to hear you use bcrypt at least You should add in bold to the post: Anyone using the same email/password or username/password combinations on other websites should also update their passwords on those sites also
2016-06-19 19:54
+1
2016-06-19 20:03
#287
suNny | 
Finland m1skaa 
"an exploit in some old legacy code on the site" Was this the nomad.hltv.org or something like that? I remember there was a thread about it some time ago
2016-06-19 19:57
No, it was some stuff in an admin part of the site, since it was not user facing it was forgotten. The code in question was more than 10 years old, and sadly of a different quality than what we write these days.
2016-06-19 20:00
hijacking this cmt so u read it: 1.) on saturday i was playing matchmaking and i got kicked to desktop when google chrome suddenly opened the hltv main page. my browser was closed! before. any explanation? im a bit worried... this is not a joke. 2.) i changed my password on an other account which is not banned back in december. it somehow didn't work out and my acc was lost since then. i contacted several admins + send mails and the account is still "frozen", because i don't receive emails when i reset and the password which is 100% correct (saved in keepass) does not work. can u finally give my acc back? :(
2016-06-20 09:08
Does this mean my private messages sharing child porn links and project7 hacks have been compromised? I just hope HLTV does not log IP addresses with the user data.
2016-06-19 20:00
not the first time, how many times more will it happen?
2016-06-19 20:02
#298
 | 
United Kingdom Theodoooore 
Thanks HLTV, now I have a reason to change all my passwords using keepass :D
2016-06-19 20:09
nomad i lost my wife now because of it, thanks retard
2016-06-19 20:17
thanks god i dont bet. My account has a value of 0,0.
2016-06-19 20:20
Same pw/email as my paypal. Changed PW. Nomad please don't let this happen again!!!!
2016-06-19 20:21
The fact that you use the same pw/email at multiple websites, shows how much you care about security. Don't try to blame it on Nomad.
2016-06-19 20:23
True, but I don't expect my information to be leaked because your site was stupid. Think about that now, hm?
2016-06-19 20:26
First of all, this is not my site. Second, large companies as LinkedIn got hacked as well last month, where hundreds of million usernames and passwords got leaked. These companies have invested millions in their security, but still couldn't manage to prevent the breach. LinkedIn had their passwords encrypted with a much weaker SHA1 encryption, which shows that Nomad is handeling security better then a billion dollar company. If you want to check if your credentials were leaked anyplace else, I highly recommend to take a look at a website like haveibeenpwned.com. And for your password, use a password manager like 1Password or LastPass.
2016-06-19 20:30
ok well, 1st of all i'll accept the rek. and ty :)
2016-06-19 20:34
Why didnt the emails get bcrypted? That would be quite usefull.... Or the passwords more encrypted than bcrypt And what does it matter that other bigger companies get hacked so its fine you also got hacked? They have like proper hackers that try to hack them this could be a 12 year old kid that hacked the site (for example) and who would even care to hack hltv.org... And also hackers could get in peoples account that bet on here with csgofast.....
2016-06-19 21:13
Please note that I am not associated with the HLTV organization in any way. Emails are never encrypted since these are unique ID's to the user. (users can't have the same email but can have the same password) The fact that big companies got hacked, shows that being hacked is inevitable; it is a question of when you got hacked, and not if you get hacked. People on HLTV are mostly young and not that aware of security. I am sure that many people use the same credentials at HLTV as they use at other websites. Nowadays, people are storing more and more money online (skins, bitcoins, paypal etc.), and by hacking their credentials, attackers have a chance they are able to rob them. bcrypt is a good hashing algorithm. I suggest you watch this clip to learn more about it: youtube.com/watch?v=O6cmuiTBZVs
2016-06-19 21:34
#320
 | 
Poland sajlent 
+1
2016-06-19 20:37
2016-06-19 21:00
When did the attack took place?
2016-06-19 20:23
Around midnight CEST.
2016-06-19 20:27
Pretty solid detection time. Good job on bringing everybody up to speed on such short notice. (and thanks for using bcrypt)
2016-06-19 20:36
#305
FalleN | 
Brazil ToRu 
i lost my house why hltv
2016-06-19 20:23
Got extremely worried there. As I use the same password for one of my email accounts on HLTV. Checked which e-mail I have linked to HLTV "dsfsdfsd@memes.com" CHECKMATE CUNTS
2016-06-19 20:28
got worried too but I have like 10 hltv accounts :)
2016-06-19 20:31
LUL rip lost my car and gf
2016-06-19 20:30
fuck... here goes my 250gb child porn collection in my email
2016-06-19 20:30
Doubt that someones gives a shit. Who in the world would keep personal data in a gaming website? Only a total moron I guess.
2016-06-19 20:31
They know your password & your email, they could get into there = get into basically everywhere.
2016-06-19 20:58
WE MAY BE RETARDED BUT WE LOVE YOU PAPA NOMAD <3
2016-06-19 20:35
Do you know how long approximately would it take with a really good computer to decrypt a bcrypt encrypted password?
2016-06-19 20:40
You can't give a proper answer to that, since it depends on the hardware being used, the password length and if there is a fixed salt or not (and if they have discovered that salt during the hack). Normally, a password's safety is based on two factors; 1. Money. If cracking the password is more expensive (hardware wise, power etc.) then it is rewarding, then it is unlikely that the hacker will put that much effort in it. 2. Time. If the information which will be revealed when the password has been cracked, is outdated by the time a hash is successfully cracked, the crack is useless. Moneywise, people often use the same emails and passwords at most places, and therefore it is rewarding if they find some paypal addresses, steam accounts with skins etc. But HLTV does have a large amount of data and cracking it all won't be cheap. Timewise, HLTV reacted in about 18 hours after the hack, which results in a narrow time window for the hackers to crack the passwords. People have been noticed and are now able to change all the passwords, which is bad news for the hackers. When unique salts are present, the hackers need to crack hashes 1 by 1, resulting in a long time to crack such large amount of data (too long if you ask me). If HLTV discovered the hack after a month by example, the consequences would be more severe.
2016-06-19 21:23
I don't think it matters how long it took HLTV to react. Hackers probably (I mean, like.. definitely) downloaded the data, and they now have it on their systems. So.. even if you change your HLTV password, they still have your old bcrypted password. Sure, that means that they won't be able to access your HLTV account anymore, but if you used the same password on HLTV that you use on your e-mail, they have an infinite amount of time to decrypt old passwords and try if they work on e-mails.
2016-06-19 21:38
Indeed, and there is the time wise factor again. By releasing a statement, people have now been warned that their credentials got stolen, and are now able to change their other passwords as well. This way, the information they got, have decreased in value and it became less profitable for them to continue with the crack. Of course I am aware that some users won't read the warning or too late, but the active user group is warned. In my opinion HLTV did a good job on protecting the password's with bcrypt. People who are eventually affected by this hack, should blame themselves for using the same password at multiple places.
2016-06-19 21:46
#325
Gr4vity | 
United Kingdom Remen 
lost everything to this.-d23
2016-06-19 20:52
how the fuck do i change password
2016-06-19 20:56
Press your name on the top left side, and click 'Edit profile'. It is located under 'Extra'.
2016-06-19 21:00
REAL KEYLOGGER Kappa
2016-06-19 21:01
/sigh
2016-06-19 21:17
/ez @hltv.org
2016-06-19 21:25
dont worry about it. probably any new bet/jackspot site pay some hacker to steal all user database and mails for spam our mail box with their shity ads
2016-06-19 21:34
2016-06-19 21:39
noob
2016-06-19 21:50
how do i even change my password????
2016-06-19 21:46
"In edit profile, in the "Extra" section, simply set your new pass there, and save it." or refer to #90
2016-06-19 22:14
#349
 | 
Turkey LineSon 
admin tryed to download aimlock
2016-06-19 21:47
Is there any chance you will be hiring an attribution team to attempt to apprehend the individual(s) responsible for this data breach?
2016-06-19 22:02
Memories of hltv.org/blog/6559-sorry-guys Hope to hear from your Nomad <3
2016-06-19 22:14
lmao who gives a shit about a hltv account
2016-06-19 22:58
#363
 | 
Finland mayrakoira 
0 care
2016-06-19 23:03
LUL
2016-06-19 23:42
Np. See you in court
2016-06-19 23:50
Did u identify the country the attack came from:
2016-06-20 00:06
#374
 | 
Argentina YH!one 
Fucking HLTV..
2016-06-20 01:05
expected, noobs, thanks for that, Kappa
2016-06-20 01:07
HELP GUYS HLTV AFFECTING IRL
2016-06-20 01:37
*This user has been hacked*
2016-06-20 02:02
i think you should compensate me in skins, thanks
2016-06-20 02:25
Why didn't you force password reset on all accounts? Wouldn't that be best practice? I don't see what logging everyone out does if the passwords that were dumped remain the same.
2016-06-20 02:58
USA will sue you now gj
2016-06-20 03:20
2016-06-20 03:39
what does it mean?
2016-06-20 09:21
yee_lmao is hacking hltv holyshittttt
2016-06-20 04:48
yee_lmao confirmed
2016-06-20 06:58
its obviously yvr
2016-06-20 07:37
WOW this is so unprofessional by HLTV..... How even u can let this happen... ??? U Guys should have proper security for the same.What if any person's paypal or email got hacked then... ? Who the fuck is responsible ??? TELL ME THAT NOMAD ???
2016-06-20 06:55
#394
 | 
Panama 666tentacion 
i lost my main acc a long time ago.. and every time i try to recover the password it says... bad email tied to the account cant recover password... what should it do about this?
2016-06-20 07:06
RIP my smurf acc got VAC'd thx hltv
2016-06-20 08:10
so uh, what exactly would anyone gain by stealing my fucking HLTV account?
2016-06-20 08:29
its because u are from BULGARIA
2016-06-20 11:44
#399
 | 
Slovakia DRUGI 
I lost my wife... thank you hltv
2016-06-20 08:31
thanks God that my pass is 123
2016-06-20 08:43
Ul guys, ty for not being a pussy.
2016-06-20 08:44
Dear Nomad, First of all, you did a great job recovering this situation, it's not your fault. It's unlucky that you had to deal with it. I hope this will makes you stronger. I suggest you to add some SHA-1 (256/512) or DSHA-1(512) to increase security to the website. Would it be possible to double-authenticate in the future ? Best Regards,
2016-06-20 09:19
SHA-1 is one of the weakest encryptions out there. SHA-256 or SHA-512 would be better, but is still vulnerable for a dictionary attack. If you take a look at gist.github.com/epixoip/a83d38f412b4737e.. you can see the average brute-force speed when working with 8x a GTX-1080 (one of the fastest graphic cards to date). There, you can see that a SHA-512 hash does have a brute force speed of 8.624.000.000 hashes a SECOND, while bcrypt is brute forceable with 105700 hashes a second. In my opinion, the best way to secure account at HLTV, is to replace the original password login with steam account authentication.
2016-06-20 09:35
md5 lets go ._.
2016-06-20 10:36
Yes, SHA-1 is one of the weakest ever made. I know that some banks like Swisspost, use SHA's encryption with double anthentications. Yes, steam authentication would be much more efficient than any other encryption system made by the webmaster himself (at least for now [not judging webmaster but steam has people working on security fulltime]) Thanks you for your fast answer Mirrinn, Have a good day.
2016-06-20 13:39
they cant do anything even if they know my mail pw and i dont give a damn about hltv so i wont change
2016-06-20 11:54
Good thing my password in here is from like 2005 or whenever it was site this site opened up, and hasn't been in use anywhere else for like 8 years.
2016-06-20 12:47
eh it happens
2016-06-20 13:42
If from my account gets posted some shit plase don't ban me. Those are hackers..
2016-06-20 13:54
NA Security
2016-06-21 11:49
hltv always fucking around
2016-06-21 11:57
Wait, isn't that happened not first time already?
2016-06-21 16:33
ok
2016-06-21 22:50
-
2016-06-21 22:56
By the look of it, security is not HLTV's concern. Not asking the old password when changing it is an aberration. I hope you plan to rethink the whole thing. =)
2016-06-22 14:06
It says bad email tied to the account... Could it be that a few years ago no email was required to sign up?
2016-06-22 23:56
Login or register to add your comment to the discussion.