ComplusCP: Database Breach


Speedy CPPSHQ has just discovered a database breach that has occurred on Complus CP. Bringing you this story first.

Before we continue with this post, we warn all CPPS users who registered with Complus to change their passwords immediately, and make sure their password is not similar to any password used on Complus CP.

The breach consists of a total of 1103 accounts, but only consisting of usernames and m95 hashed passwords. With the claimant of the database breach known as ‘TehRedz’.

We bring you this news as it breaks, as this CPPS database has been publicly available for more than a month, although when speaking to the team, they managed to take down the leak multiple times, although it has sprung back up again.

Above is a sample of the contents of the database. We have blurred out the md5 password hashing to protect user personal information.

We put this to the test, and was able to break into accounts, including one staff account. All information was collated and sent directly to the ComplusCP team, which has processed our findings and have agreed to work with us, in resetting all accounts within 24 hours, along with notifying all users via their official blog on a security breach.

If you created an account on ComplusCP before February 23, and your penguin ID is between 1-1103, your password has been leaked, and we strongly suggest you to now change it, if used elsewhere. Many CPPS moderation accounts across a total of 4 CPPS’ have also seen to have their password the same in the leaked database, and Speedy CPPSHQ has now alerted them to change them immediately. This also includes Camden, who through our test on CPPS.me, used the same password in this leaked database, to their CPPS.me moderator account, which was the cause of his account being hacked a few weeks prior.

Although the length of the time it took for action to be taken before Speedy CPPSHQ got involved, we had discussed with the owner of Complus, Shaun, and he has now agreed that action should now be taken to protect all users on his CPPS along with the CPPS community by processing password resets.

We would finally like to remind you to make sure your password is not re-used, if it was previously used on ComplusCP.

Speedy CPPSHQ Administration 



1 comment