We strongly recommend you change your CPPS.ml password immediately, along with anywhere else you have the same password
CPPS.ml, the CPPS that had a database dump reported just a few days ago, has been hacked once again. This new breach includes a database dump, source code dump, and information about CPPS.ml’s server structure. hashcan/Jake reached out to SpeedyCPPSHQ to report the breach, as well as provide proof. We have not been able to verify the method used to breach CPPS.ml.
I have verified that all the information Jake claimed to have stolen was indeed taken from CPPS.ml. Upon investigation, they seem to store user passwords in unsalted MD5 (which is very insecure), as well as user IPs and emails.
Given this information, CPPS.ml’s outlook doesn’t seem good. Regardless of whether it lives on, we cannot recommend that anyone play it given its continued blatant insecurities. Administrator and developer, toxic, has left the CPPS following reports of this breach.
CPPS.ml’s official comment was just this: “:L”. They have now informed users of the database breach, but have not patched the vulnerability, as they are not sure what it is yet.
Update at 7:02 PM EST: We have received exclusive word from Angelina, CPPS.ml’s founder, that CPPS.ml is now shutting down. She ended her statement with: “I give up”
More on this story as it develops.