tooting

FSL Website hacked ??

Posted (edited)

Hello

I have an app on my phone called Web Alert. It just pinged to tell me of a change on the FSL website. So there's me thinking the 319 has been released.

Go to website, see this...

Edited by w6kd
Mod: removed image with hacked website data

Posted (edited)

The site now specifically states: "Hacked by RandomRedditor – For FSL crime against customers and internet communities"

Wow, people really have nothing better to do?

Just want to point out it wasn't me. I don't own any FSL products and have no knowledge of how to even do such a thing

Edited by DaveS
Clarification
  • Like 1

Posted (edited)

I agree Dave.

Just as I thought that 319 was going to come out. Hopefully they will get their website back running properly.

Edited by tooting

They claim to be in possession of client data and serial numbers...if that's true and they gonna release it to the public...oh dear, not much imagination is required to predict how this is going to end

Damn, this whole thing has escalated quickly 😕

"Hacked by RandomRedditor – For FSL crime against customers and internet communities"

And... to prove our point, let's hack such users' data and threaten to expose it... /s

Makes me feel ashamed that I share a hobby with a person so despicable as to carry this out. If you are reading this, I hope to see you behind bars in the not so distant future.

Posted (edited)
6 minutes ago, Woozie said:

They claim to be in possession of client data and serial numbers...if that's true and they gonna release it to the public...oh dear, not much imagination is required to predict how this is going to end

Damn, this whole thing has escalated quickly 😕

I don't see what messing with the website or customer data achieves. We all want the A319 to come out. Now these bozo hackers do this.

Edited by tooting
  • Like 1

1 minute ago, tooting said:

I don't see what messing with the website or customer data achieves. We all want the A319 to come out. Now these bozo hackers do this.

Tit for tat? Eye for an eye? I don't know really, but just like you I want the A319 out real bad!

It's so sad what's happening to this company 😕

They make great aircraft addons!

Posted (edited)

Kind of puts the mass hysteria and toy throwing that we witnessed in these forums and others into perspective, doesn't it?

Edited by DavidP

14 minutes ago, tooting said:

I don't see what messing with the website or customer data achieves. We all want the A319 to come out. Now these bozo hackers do this.

I'm more worried about the fact that sensitive customer data has been "protected" using easily exploitable security methods... The A319 is going to be the least of their problems at this time.

1 minute ago, Woozie said:

I'm more worried about the fact that sensitive customer data has been "protected" using easily exploitable security methods... The A319 is going to be the least of their problems at this time.

Data such as email addresses or credit card numbers?

Posted (edited)
7 minutes ago, tooting said:

Data such as email addresses or credit card numbers?

No CC information, as the vendor shouldn't have possession of it (it's with the payment provider) and this information is encrypted.

However, as they have a customer verification check on their forums, I suspect the hackers got hold of forum user data including serial numbers. Not such a big deal as you are required to use your full name as forum name anyways...

They would have to re-issue new serial numbers and block the compromised ones, but if I recall correctly they are registered in Greece... they may be in GDPR hell now...

Edited by Woozie
  • Like 1

Posted (edited)

I can't even access the download section of the site.  That means I can't get liveries for the A320.  Wonder if I should delete the A320 from my computer.

And right on the eve of the Expo, too.

Edited by Dreamflight767

Posted (edited)
2 minutes ago, Woozie said:

No CC information, as the vendor shouldn't have possession of it (it's with the payment provider) and this information is encrypted.

However, as they have a customer verification check on their forums, I suspect the hackers got hold of forum user data including serial numbers. Not such a big deal as you are required to use your full name as forum name anyways...

But if I recall correctly they are registered in Greece... they may be in GDPR hell now...

So just email addresses and serial numbers then?

And just briefly explain GDPR to me, this is all the emails I've got recently regarding "your customer data".

Thanks

Edited by tooting

Only sad, lonely individuals would waste their time doing something such as this.

Just now, tooting said:

So just email addresses and serial numbers then.

And just briefly explain GDPR to me, this is all the emails I've got recently regarding "your customer data".

Well, that's just a guess, I don't have any more information than everyone else, but I would be surprised if the hackers got access to actual e-sale data, as that's usually much better protected.

Yes, that's because of GDPR 😉 In a nutshell, it's a whole bunch of laws and directives based around protection of data, with major focus on citizen data. Every business within the European Economic Area (not just the EU) has to obey these laws.

Posted (edited)

They posted on their FB page.

Edited by Wise87
  • Like 1

Posted (edited)
24 minutes ago, tooting said:

So just email addresses and serial numbers then?

And just briefly explain GDPR to me, this is all the emails I've got recently regarding "your customer data".

Thanks

GDPR is a pan-European regulation (affects ANY company doing business with European individuals) that governs how companies and organisations handle and protect your personal data.
This includes direct personal data such as your name, social security number and home address, but also indirect data like IP address, membership ID# and mobile phone number.

Services that you are using must now offer "Privacy by default", which means that companies must ASK for your consent to collect anything about you, such as website cookies. Default state is not enabled.
GDPR empowers the individual. It offers you the right to be forgotten and the right to demand who has access to your personal data within a company.

Moreover, the fines are very hefty for being in gross violation of GDPR: 20 million EUR or 4% of annual turnover, and security breaches (such as what just happened at FSL) MUST be reported within 72 hours.

Edited by SAS443
  • Upvote 2

Posted (edited)

Thank you Niklas. And this is because of Cambridge Analytica and Facebook I guess then??

Edited by tooting

7 minutes ago, tooting said:

Thank you Niklas. And this is because of Cambridge Analytica and Facebook I guess then??

No, origination started in early 2016.

6 hours ago, Woozie said:

They claim to be in possession of client data and serial numbers...if that's true and they gonna release it to the public

Are you referring to the 'hacker(s)' or FSL themselves? If the company, they only captured one individual's data: the pirate who released the cracked version to various pirate websites.

  • Like 1

Posted (edited)
6 hours ago, Woozie said:

Every business within the European Economic Area (not just the EU) has to obey these laws.

Not true! Every company, institution or organization that processes, obtains or stores data from citizens who reside in countries that are members of the EU/EEC has to obey and abide by these laws.

The fines are also considerable if a breach or leak of data happens. The given company could be fined from €10 million to €20 million or 2-4% of their annual revenue - whichever is higher, depending on the size and/or seriousness of the breach. The actions of the company are also taken into account when determining if, how and when a company should be subject to these fines.

I have read the regulation and have worked quite extensively with GDPR at work. 😊

Edited by Anders Bermann

Things like that hurt the entire FS community, not just FSLabs. 

  • Like 1

2 hours ago, Anders Bermann said:

Not true! Every company, institution or organization that processes, obtains or stores data from citizens who reside in countries that are members of the EU/EEC has to obey and abide by these laws.

The fines are also considerable if a breach or leak of data happens. The given company could be fined from €10 million to €20 million or 2-4% of their annual revenue - whichever is higher, depending on the size and/or seriousness of the breach. The actions of the company are also taken into account when determining if, how and when a company should be subject to these fines.

I have read the regulation and have worked quite extensively with GDPR at work. 😊

In practice the fines are much lower than that, very rarely above 100k, most likely around 10-20k. And that is if they have been found guilty of negligence.

From what I see in the screenshot on the first post, the passwords are encrypted, so at least the user accounts are safe.

9 hours ago, thibodba57 said:

No, origination started in early 2016.

You learn something new every day. Cheers for that 

25 minutes ago, 238932 said:

In practice the fines are much lower than that, very rarely above 100k, most likely around 10-20k. And that is if they have been found guilty of negligence.

Time will tell what will be set as legal precedent. Currently there is none, since the law hasn't been used in practice (yet). So to state that the legal fines are smaller than what is potentially dictated by the law is a bit premature and remains to be seen. Also, it's in general up to the individual authoritative instance in the given country where the leak/breach is detected to assess what disciplinary actions should be taken.

We'll see... I wouldn't rule out, that the fines could be that high in serious cases.
