Technic has been hacked (a bit)
Scroll down for updates!
One of our scripts which periodically checks if the Tekkit Legends modpack has been updated has been going crazy last night. So when I woke up, I got about 100+ mails that there has been an update.
This led me into doing some research so I opened up technicpack.net which presented me this:
which in most cases means „something bad is failing“.
A quick research on Technics official Discord got me these info’s:
So to sum this up shortly, one of Technics admins accounts (may it be their Solder or platforms account) has been compromised and the person who got access started deleting modpacks. Most likely the official modpacks which caused our script to recognize the change within five minutes. To avoid any further damage and investigate into the issue, the Technic team shut down the servers temporary.
We wish you the best Technic team, as admins and server owners ourselves we know the struggle!
Everyone shall show their understanding and don’t force them to work faster, please be kind to them.
Update 20160626 11:35 CEST:
sct posted some insight on Discord:
Update 20160626 13:15 CEST:
Update 20160626 13:30 CEST:
And yes the Launcher is back working:
Update 20160626 13:55 CEST:
Some more info’s from sct.
We (Unitedworldminers) also recommend you to change your passwords if you used the same password on Technic as you use on your Mail, PayPal, Amazon, eBay etc. account. Changing passwords is never a bad idea!
Update 20160626 14:00 CEST
Their Discord chat in #general has temporarily been disabled (for the better!). So as before grab some snacks and just wait.
sct is working on fixing all remaining issues. Grab a cup tea or coffee, keep you feet calm and let him work. Please don’t ping him or ask for ETA’s.
Update 20160626 19:52 CEST
It works! The landing page looks a little different, but it works!
You are directly presented with a new login screen featuring 2FA (two factor authentication) as well as reCAPTCHA, a mechanism to prevent brute-force attacks.
Once you login, you are forced to reset your password. This is a step of precaution as mentioned by sct before. This does not mean that your userdata has been compromised.
The trending section has been reset and shall get back to it’s normal state in a few hours.
I assume we can say that all has ended well after that trouble. Big thanks to sct for fixing and greatly improving Technics security within a few hours. Also big thanks to all the moderators and helper on Discord!
Update 20160627 12:29 CEST
About 16 hours ago KakerMix posted this official statement:
Why The Downtime?
Yesterday an admin account was compromised within the Technic Platform software we use. Our servers, databases and other assorted ‚very important‘ things were NOT compromised, only the internal software we use to administrate the Platform itself.
The result of this was someone used the admin account to grant a brand-new account admin access, and then went around deleting packs and changing emails to accounts. Immediately this was noticed (you can’t just delete the most popular user-created modpack of all time) and the servers themselves were shut down by me. Thus, the 503 page everyone saw for the last 12+ hours.
I want to be clear that our passwords are hashed and salted and can’t be accessed from the Platform software. An admin can change passwords but can’t see what the current passwords are.
The result of this now is that the last day or so has been erased from the Platform’s memory and it thinks it was around 24+ hours ago. Our security has been re-done and now we offer various features. The most important one would be 2-factor authentication. It’s available for any user in your profile page if you’d like to use it (and I’d suggest you do if you run any sort of business ventures with your modpack/servers). As far as another issue happening like this it should be very unlikely as admin accounts within our software can no longer admin other admins which prevents specifically what this attack did.
UWM had a real-time account of all this as it happened if you are interested
As for why we were attacked? There is a lot of money that is moved around because of the Platform. While we at Technic don’t run servers or accept donations, server operators use the Platform to serve their customers. Because of this there is real value that can be targeted when it comes to modpacks, servers, rankings and the accounts attached to them.
Thanks for all your guys’ patience with us as we dealt with this issue. We’ll be keeping an eye out as always for anything weird that happens and hopefully have prevented other attacks that use this avenue.
Some additional info’s from KakerMix (sorted from latest to newest):
You want to stay up to date? Feel free to join us on Discord, pressing „Connect“ below.
Quickfixes (not needed anymore, go download your packs using the Technic Launcher like you normally do):
- To play Tekkit Legends, download this zip and extract it’s contents to your Tekkit Legends root (/main) folder. After this restart your Technic Launcher and click on „Play“.
- To play Tekkit Main, you need to install Forge 1.6.4 first (just run the installer). After this, extract the mods folder of this zip into your Minecraft’s installation of forge.
- To play Tekkit Classic you need to have it in your Technic Launchers modpacks. If you do, click on „Modpack options“ –> „Open“ and make a backup of all contents. After this, download this zip file and extract the contents from the tekkit folder within the zip file to your modpacks folder (the one you have opened and backed up before). If your zip application asks to replace files, click on accept. After the files have successfully been unzipped, you shall be able to click on play. Thanks to Killdore21 for providing the files.
- To play Tekkit Lite you need to have it in your Technic Launchers modpacks. If you do, click on „Modpack options“ –> „Open“ and make a backup of all contents. After this, download this zip file and extract the contents from the tekkitlite folder within the zip file to your modpacks folder (the one you have opened and backed up before). If your zip application asks to replace files, click on accept. After the files have successfully been unzipped, you shall be able to click on play. Thanks to GermanMilkaKuh for providing the files.