CHANGE THE CS SECURITY SYSTEM

[Lullamoon]

Literally had no idea any of this was going on until just now even though I pop on a few times a day to check pound n such.. disappointing to say the least.
I always felt CS had poor security regarding account changes etc but seeing how there’s radio silence from staff about the recent issues is incredibly alarming. Even more so reading that they’re shooting down any discussion about such events. If you’re worried about misinformation why not just release a statement? And no, I don’t count the “change your password sometimes hehe!”as any sort of communication about current issues, because it isn’t. Staff has a job here, they’re lacking on it, and it’s worthy of being addressed.

Regardless of security breaches and hacking drama, having 2FA should have been implemented YEARS ago, along with other measures. Why wouldn’t you want to secure your community? Time for some upgrades around here!

*edit*
Just went and changed my email etc.. they deactivated my account and sent an email for me to reactivate?? If I had been hacked, got this, and reactivated the hacker very well would’ve changed the password as well blocking me from ever accessing the account again. I don’t see how it’s helpful other than alerting me some stuff was diddled with since the info is already changed and the account is kinda just in limbo then from my limited understanding.

[Audrey_Bee]

snip.

While I appreciate all the effort you put into this post, I disagree with pretty much all of it and again my point has been missed.
If we talk about invalidating ones feelings then we would be going around in circles as that term is used way too loosely nowadays, I'm pretty sure no one cares *that* much. [About people's opinions, not the security issue. Verifying what I mean before that, also, is taken wrong:)]
As I said at the end, it's turning more into an argument and this post makes it even more so.
Just agree to disagree and remember not every discussion will end with everyone being on the same page. People will have different opinions and that's okay

[General Chaos]

-snippy snip-

Also, there are plenty of threads just for new users.
Forum/viewtopic.php?f=22&t=4852861&hilit=pets+for+newbies
Forum/viewtopic.php?f=22&t=4866901&p=142020827&hilit=pets+for+newbies#p142020827
Forum/viewtopic.php?f=22&t=4817907&hilit=pets+for+newbies#p140651788

-more snips-

I do want to kind of pull attention to this.

My biggest issue with what's been going on is people weren't allowed to make threads to help those who lost stuff. Due to "excluding people." I even have a friend that made a thread dedicated to helping people that got put into C$ debt level their acc back out, and it got locked.

So, why are these threads not allowed but newbie grabs are?? That's excluding people, right?

Disclaimer:: Not saying to get rid of these newbie adoption centers, I love seeing people help newbies, but let us give stuff to those who lost stuff due to hacks/data breaches as well. It just makes sense.

[VESSEL_mp4]

-snip-
Forum/viewtopic.php?f=22&t=4875901&start=10
This thread was made to give users back pets that were taken from them in the reversed trades. It was locked due to

You may not create adoption centers or host giveaways that exclude users or only allow certain users to adopt.

And yet people can give pets to solely new players n not be hit with this excuse? (I'm not saying they should as it's insanely helpful, it's just annoying how it gets brought up in this situation..) This was locked before any official announcement.

hi! as the person here I'd really like to give my two cents c: this is in no way meant to bring harm! I'd just like to bring another perspective into this discussion!

I agree that the locking of my topic was a bit iffy considering there are a lot of topics that are specifically for newbies, but at the end of the day I just opened a new one with an option for others to adopt and it kept up.
I still do feel as if this sort of rule is.....its a bit weird in my book. If you want to keep the game fair, why are newbies allowed free adoption centers specifically for them but when efforts are made to help people get back what they've now lost, its instantly taken down because its now unfair? As much as I understand rules are rules it feels like a very major double standard! :c especially with how quick it happened as well. Surely with things like this, we can make exceptions? I mean, we saw the state of the site after the hackings and how hysteric people were because of the lack of transparency (I'll get to that soon) but peoples efforts to help people both recover in pets and c$ but also just emotionally were shut down. I don't see this as very different to helping new players back on their feet. It's a kind act, two different scenarios but a kind act none the less.

As for transparency in this situation, it could have been handled a lot better. I understand you want to understand the situation before you make decisions, but no front page announcement is a bit off to me. Anything to make people more aware of the situation would have done wonders, this site is more mature than you think. We wont run around like headless chickens screaming the sky is falling! (/j) The simple announcement of "we understand there are breaches, we are working on a solution as of currently, please keep safe" would have done wonders. Instead as stated there, more topics just got locked! :c

Overall, I do not mean this as an attack on any staff included in this nor to players who disagree! I feel as if having these tough conversations are not only healthy, but needed for this site to thrive. Think of it like a relationship! You cant just have all fun and games now can you? Sometimes there comes times to sit down, assess and re-evaluate needs and wants! I'm hopeful that with these hard conversations, we'll get the changes we'll need.

[Audrey_Bee]

I do want to clarify that in my first post on here, I stated that how everything was dealt with was wrong, an announcement should have been made but they have now put forward small fixes to help and are doing more and people need to be patient but also realise that they have done more than other sites would have done and that needs to be recognised too.
The fact that people were trying to help out and had pages locked is irritating.
The whole situation was and still is a mess but the staff are trying their best and I just wish they had more support for what they are doing rather than hating on what they didn't do.

No one wanted this, we're all stuck in the same sucky boat, some more than others. But rather than be hateful towards anyone who you think has power, we just need to stick together....yanno?

[Animall]

@AudreyPotter

It was all dealt with wrong, it's still being dealt with wrong, there still hasn't been an announcement has been made... that's fine to you?

The staff have been amazing. The staff that are unpaid, volunteer their time and passion for this website, and truly love CS have put countless hours into CS... I'm so impressed by what they have been able to accomplish during these hard times on CS. A lot of anger, frustration, misinformation, and lack of information... It's a lot to deal with. For FREE. For absolutely nothing they do this for us and they deserve respect for what they've done. Massive w for them.

But they shouldn't of had to do that. Let me be the one to draw the line in the sand here.

The staff should not have been dealing with this issue. The ADMINS needed to make an announcement and take control of this situation. Instead, they sat back and let their staff on the front lines. Everyone is angry at what's going on and the staff gets the backlash. IMO this is abusive behavior from the admins. The staff are regular users with colored names and more permissions. Some of these guys I've known of since I was a child. I respect them. Staff outright told us they don't know much about what's happening at all.

Administration needs to be catching the flack here. That's where the power and the mistakes are happening.

[Celozon]

Just popping in to explain why the thread sending free C$ to people in C$ debt were locked but not ones for newbies. Per the board rules for the free adoptoion board found here there is a specifically a rule that states "You may not create adoption centers or host giveaways that exclude users or only allow certain users to adopt. The only exception to this rule is that we allow adoption centers created for new players."

We do sometimes allow exceptions to certain rules in this board but if you want to post something thats against the site rules and you think an exception should be made, you need to send in a help ticket explaining what you want to post and why you think it should be allowed. Just posting something thats against the rules and expecting an exception to be made automatically is not the right way to do it.

Regardless I doubt this sort of thing would have been allowed. I understand the intention was good but at least my own personal interpretation of the situation was many of those threads were being created and people were being sent C$ under the false assumption that C$ was 'taken' from them, without those people realizing that the people who were in C$ debt already retained something of equal value to that C$ on their account, and that site staff were providing options to relieve C$ debt (even if we could not share all of the details at that moment). The full facts of the situation were not clear to many users and at least I personally did not want people sending things out for free and later regret when they realize that the person they were helping 'reimburse' still owns whatever they paid their C$ for in the form of the pets/items/art they traded it for, and site staff had no intention to 'force' anyone to pay real money to 'pay it off'. Whether users still consider whatever they paid for the C$ to be of equal value to the C$ or not, the facts are they did get to keep something for it and if they would rather have the C$ then what they paid it for they need to contact site staff to get that trade reversed as well. There is also the obvious concern of people faking it. If this is something you personally still want to do though I suggest sending in a ticket, it’s ultimately not up to me.

[reggyy]

Just popping in to explain why the thread sending free C$ to people in C$ debt were locked but not ones for newbies. Per the board rules for the free adoptoion board found here there is a specifically a rule that states "You may not create adoption centers or host giveaways that exclude users or only allow certain users to adopt. The only exception to this rule is that we allow adoption centers created for new players."

We do sometimes allow exceptions to certain rules in this board but if you want to post something thats against the site rules and you think an exception should be made, you need to send in a help ticket explaining what you want to post and why you think it should be allowed. Just posting something thats against the rules and expecting an exception to be made automatically is not the right way to do it.

Regardless I doubt this sort of thing would have been allowed. I understand the intention was good but at least my own personal interpretation of the situation was many of those threads were being created and people were being sent C$ under the false assumption that C$ was 'taken' from them, without those people realizing that the people who were in C$ debt already retained something of equal value to that C$ on their account, and that site staff were providing options to relieve C$ debt (even if we could not share all of the details at that moment). The full facts of the situation were not clear to many users and at least I personally did not want people sending things out for free and later regret when they realize that the person they were helping 'reimburse' still owns whatever they paid their C$ for in the form of the pets/items/art they traded it for, and site staff had no intention to 'force' anyone to pay real money to 'pay it off'. Whether users still consider whatever they paid for the C$ to be of equal value to the C$ or not, the facts are they did get to keep something for it and if they would rather have the C$ then what they paid it for they need to contact site staff to get that trade reversed as well. There is also the obvious concern of people faking it. If this is something you personally still want to do though I suggest sending in a ticket, it’s ultimately not up to me.

I’m not sure if this is something you would know, but I figured I’ll ask anyways. So when returning items/pets to balance out negative C$ - say you have -20c$ would returning the items put you at +20c$ or 0? If it puts you at 0 how are you getting c$ back?

[Celozon]

I’m not sure if this is something you would know, but I figured I’ll ask anyways. So when returning items/pets to balance out negative C$ - say you have -20c$ would returning the items put you at +20c$ or 0? If it puts you at 0 how are you getting c$ back?

It would depend on the exact situation and trade that put the user in debt. What typically happens is the user receives C$ from a compromised account, and then trades it to someone else for pets, items, etc. then the trade with the compromised account is reversed and so puts them in debt, but they still have the pets, items, etc they traded the C$ for.

So for example say a user starts with 0C$. They received 100C$ from the compromised account making their balance 100C$. They then traded 70C$ for pets making their balance 30C$ (+70C$ worth of pets), then the trade giving them 100C$ is reversed. This subtracts 100C$ from the 30C$ balance causing the user to be at -70C$. The user can contact staff if they want those 70C$ back by sending over the 70C$ worth of pets they had traded the C$ for. This would make their final balance 0. The reason this is fair is because the user’s account has just be reverted back to the original state it was before they got something from the compromised account, ie they started with 0C$, they end with 0C$. This is exactly the same as trades reversed involving pets, the pets and values are all returned to their original state and account.

The above scenario doesn’t specify, but I wanted to add that this works the same if the user paid something for the C$, or gets it as a gift from the compromised account. If they did pay something for the C$, they get whatever they paid back when the trade with the compromised account is reversed, so there really isn’t anywhere in this process that something is taken without getting anything in return, except in the case of gifts from compromised accounts, which are considered not legitimate since it was not the true account owner giving those out. Obviously there can be other things that can impact this and I can’t provide details for every possible situation, but this is the most common and it can be further discussed with admins through help ticket to work out something for a user’s specific situation.

[Lex.]

@AudreyPotter

It was all dealt with wrong, it's still being dealt with wrong, there still hasn't been an announcement has been made... that's fine to you?

The staff have been amazing. The staff that are unpaid, volunteer their time and passion for this website, and truly love CS have put countless hours into CS... I'm so impressed by what they have been able to accomplish during these hard times on CS. A lot of anger, frustration, misinformation, and lack of information... It's a lot to deal with. For FREE. For absolutely nothing they do this for us and they deserve respect for what they've done. Massive w for them.

But they shouldn't of had to do that. Let me be the one to draw the line in the sand here.

The staff should not have been dealing with this issue. The ADMINS needed to make an announcement and take control of this situation. Instead, they sat back and let their staff on the front lines. Everyone is angry at what's going on and the staff gets the backlash. IMO this is abusive behavior from the admins. The staff are regular users with colored names and more permissions. Some of these guys I've known of since I was a child. I respect them. Staff outright told us they don't know much about what's happening at all.

Administration needs to be catching the flack here. That's where the power and the mistakes are happening.

Very well said. And [@AudreyPotter] I still don't know what point I missed, it would help if you just said what I "missed" instead of being vague and just hoping I figure it out. I'm really trying to understand what you mean but you won't elaborate? It's basically what the admins are doing to the users so I guess I see your standing now..

No one wanted this, we're all stuck in the same sucky boat, some more than others. But rather than be hateful towards anyone who you think has power, we just need to stick together....yanno?

But when someone had a different "opinion" from you, you made such a rude post and commented on them in such a rude way? I'm sorry, but this is just looking majorly disingenuous and dismissive. That and hypocritical.

Just agree to disagree and remember not every discussion will end with everyone being on the same page. People will have different opinions and that's okay :thumbup:

Even when differing opinions cause people to treat other like you did? At this point I don't even think I can understand whatever point you're trying to make because of that other post you posted.

I'll leave it at that.
And to tie that all back to the issue at hand, saying "agree to disagree" in this case doesn't work. In my opinion, that's just saying "Let's just forget all this and pretend it didn't happen. I mean they tried right?"
It's a lousy excuse, and things like this shouldn't have happened in the first place, and they WOULDN'T have happened if there was 2FA.

Yes, people make mistakes.
NO, that doesn't mean it's ok to have let this unfold the way it did, without a proper protocol/way to handle it while making sure people are aware AND reassuring people that things will be ok.

Agreeing to disagree just leaves the door wide open to more situations like this. And that's the LAST thing everyone wants.
What we need to agree on, is to work together as a community to make sure that we're all in this together and that we all stay notified about this things, as fast/clearly as possible.

Not only that, but admins do need to step up. I feel horrible for all the other mods/members of staff that had no control. I know that if I were in that position, I'd be stressed. And yes, some people misunderstood the roles that certain staff had. But at this point in time I hope we can all realize that General Helpers & Global mods don't control these things, Just admins [and possibly admin assistants on a smaller scale]. It's not only the users that need help, but other staff as well.

The continued emphasis on "Hey staff are human let's just chill" is bugging me, purely because we all know this already. At this stage, it just seems like someone trying to convince a child to stop crying because the bee they were stung by "didn't mean it".
Things aren't always intentional, but a negative experience is a negative experience.

For example, you're a baker teaching someone how to bake a cake. The first time, it turns out bad because they measured the flour by scooping it out with the measuring cup and packing it down, rather than using a scale to weigh it or a spoon to scoop into the cup.
You tell them what the mistake was, the correct way to do it, and the next time they know to do better.
It's not enough to just say "well, you'll get it next time", especially if you're the one who's overseeing this or in charge. You're not letting them know the issue, and just leaving the issue open ended for possibly more mistakes. It's just irresponsible as someone who's teaching someone else something, or in this case, admins with control over what happens in/with the site.

Even in real life, I believe that those in positions of power/authority have the duty and responsibility to do their job well, which includes handling situations like this as swiftly and as controlled as possible.
The lack of announcements led to the spread of misinformation. The lack of admin action led to users feeling deserted/abandoned in their time of need. Not only me, but other people's relationship with the site has drastically changed because of this. [For me, it's happened at a rate faster than I was expecting.]

Admins are people too. Of course, I understand that. But I feel like if you're an admin/boss/manager anywhere and you genuinely do NOT have the time/energy to put into your job, step down. This goes for any job/position anywhere. If you're a head nurse at a hospital you can't just sit back and let things take course. You NEED to be hands on.

If you are the manager at a clothing retail store, you can't just be sitting in the back the whole time, hoping your employees "got it". You need to be present with the employees and customers. Not only does it create a good impression of the establishment, but it makes your employees and customers feel like this is serious and that you DO care. It creates a memorable POSITIVE experience.

Lack of work/action means that everyone else has to pick up the slack that they otherwise would not have to do.
The regular staff were essentially left alone to interpret all of this. And to handle the distressed messages/concerns of users.
And the users were left to support themselves, helping one another out of debt.
And all of that has created a memorable NEGATIVE experience.

Without the users, there is no site.

I hope this all makes sense. I hope I don't sound rude or attacking, I'm just trying hard to make sure my point gets across while explaining my thinking behind it.

[None of this is meant to be rude/hostile or anything of the sort. Just heartfelt from someone who's still upset about the situation.]