Just a general reminder to remember to stay on topic in this thread; I've been seeing some posts that seem to just be using this thread to continue conversations from other now-locked threads.
I will address a few things here but as a lot of things just keep getting re-hashed I probably won't continue to reply unless I have something new to say.
In regard to tickets:
I know a lot of you don't like hearing this but I will say once more that if you have specific questions about the situation, I strongly suggest sending in a ticket. Much of this situation is handled solely by the admins and I cannot answer many of your questions. But I can direct your ticket up to them so that they can give you an answer (if they have any they are able to give at this time). It may take several days to receive a response as obviously our team is rather busy right now with everything that is happening and the admins are already receiving higher numbers of tickets than normal along with that, but it is our policy to always answer tickets.
Additionally I have been recommending users wanting more info on what has been happening in general to send in a ticket because many replies on threads around the forums are prompting a lot of unnecessary fear and concern about certain situations. Obviously accounts being compromised is a concern, but I've been seeing a lot of misinformation or misleading statements that seem intended more to scare people than actually let them know all of the publicly available information. As such I have been suggesting sending in a ticket instead to get the information from staff. I do not have an issue with allowing users to tell each other about the situation as long as they are being given all the currently available information, and not just what one person personally has the biggest issue with. (for example, only telling people about the C$ debt without letting them know there are options available to fix it)
illumié wrote: What most people are missing regarding this situation (because it has not been shared publicly) is that hackers are using other sites' compromised security to target users who had passwords retrieved from offsite breaches previously. Therefore, as the people who are in danger are part of a previous breach, they should have been more aware and taken the adequate protection measures for their account (i.e. changing their password to something unique bc CS doesn't offer more layers of protection atm). The fact that they didn't do so put them in jeopardy, not ChickenSmoothie's security. So, they shouldn't create drama on an issue of security that was already in development (according to staff accounts).
At least this appears to be the line of thinking from the staff given their actions.
I have not seen any staff say that a user is personally responsible for knowing if their password has been compromised, or anything of that sort. We have suggested checking sites that can tell you if your email and password may have been compromised because it's a good idea to do that. We have told users they should have a unique password for CS because it's a good idea; it protects you from your password being compromised elsewhere. Users have asked what they can do to better protect their account and we have provided some options. This is a good internet security practice regardless of the current situation. Obviously it is up to the user to do that themselves but we are not blaming anyone for their account being compromised. Clearly there were some things CS could also do to help stop it, and some measures have already been put in place to do so.
ActualWoodelf wrote: Agreed. When Flight Rising, for example, recently caught an attempted hack, they immediately locked the whole site down and KEPT USERS UPDATED in real time on Twitter as to what they knew and what they were doing. Granted, that WAS a threat of security breaching of the actual site, not a user's account being hacked individually due to a reused password. But the protocol of locking down potential threats when seen, and more so, of INFORMING the player base as things progress, is standard for MOST games and is essential to keep everyone informed, safe, and yes, happy.
I would just like to point out that this example is a wildly different situation in terms of internet security. CS itself is not suffering a direct attack. Additionally a direct attack on a site such as in this case is likely to compromise a large number if not all of the accounts on the site so of course the entire site should be shut down to stop it and be informed of it. I'm not saying CS shouldn't have an announcement even for a small number of accounts being compromised, but please don't relate an entire site being compromised to a few accounts due to breaches on other sites.
PinkAngel wrote: I still stand by my idea that C$-debt should have never been a possibility as players did not know that the C$ they spent was not rightfully theirs. (But I do understand where the staff is coming from and why they would rather players either remain in debt or give the pet/items to the pound, I am not fully against the idea as it does get players out of debt, and they technically lost nothing if they give the pets/items that were purchased with the C$ to the pound. But what if the player no longer has the pet/item? What if the player was generously giving the C$ to other players as gifts?)
I know I've said this before but even if a person's situation doesn't seem to have an easy solution, please have them send in a ticket anyway. I cannot speak to the admins but they may be able to work with the user to find a solution that best fits their situation. I can't give contingency options for every single possibility as obviously there are a lot of different possible situations here. And considering how uncommon this situation is as a whole it may simply need to be handled on a case-by-case basis. That is up to admins, which are best contacted about it through a help ticket.
PinkAngel wrote: But if ChickenSmoothie is not compromised and it is due to a data breach on a different website, that would mean that players are still at risk of having their accounts hacked, and players are still at risk of going into C$ debt/losing the pets/items they adopted as there will be reversed trades. (unless players change their password. It would honestly be better if a mandatory password change was required)
As of the most recent announcement, older and inactive accounts now require you to confirm your email address before you can log in. Many of the compromised accounts had been inactive for years; this directly addresses that (and I can confirm it, my younger sister by chance tried to log in today after many years and had to go through that process). Any active users should see the notification to change their password if they have not changed it recently. And as said in the announcement there are more things in the works; these things take time and all I can say is to have patience.
As said, I am probably not going to continue to reply unless I have something new to say. I will say that if anyone would like to contact me through PM, if just that they feel more comfortable asking questions in a private setting, you are free to do so. Though essentially all the info I can give on the situation I already have here or elsewhere. Best I can provide is to help explain the official stance on things at this time.
And because this reminder seems to be needed: this post is made in my capacity as a moderator in an attempt to make certain information more clear. This is not a reflection of my personal thoughts on the situation. My only intention here is to help users by informing them of what I can and clear up anything they may not have been fully aware of.