General Discussions

I just wanted to let everyone know that CHEAT HAPPENS servers are NOT AFFECTED by the recently announced Heart Bleed exploit. Our site does not support and actively blocks SSL traffic and so there is no way to utilize the exploit. Our servers also do not run any version of openSSL.

Please note that if you visited OTHER SITES which were vulnerable and you use the same login or password here on CH, then it's possible that your account could become compromised. We recommend changing your password once you have made sure that all of the sites you visit have been patched to fix the Heart Bleed bug. As always, we monitor very closely all account activity on our site and will quickly notice if any accounts have been compromised and the credentials spread to the Internet. If this becomes the case, the accounts will be deactivated until we can confirm the activity with the original account holder.

Please post here if you have any questions.

What encryption scheme do you use (out of curiosity because OpenSSL is by far the most popular and used to be thought of as pretty secure).

And now for the nuts and bolts. I hate to be asinine, but do you outsource any user data such as billing info or use a third-party payment processor? If so, which vendor do you use and what does your minimum security standard agreement with them look like as far as their encryption scheme for any of the data from CHU users they may store? If you do use an outside database vendor, do they use OpenSSL to store/validate data and have they implemented the fix if they do?

Oh, I forgot to ask this. If, on the off chance a CHU account is compromised, will you send the user an email or is it up to the account holder to contact you? If so, is there an email address we should use and what sort of documentation will you require? I've been an unlimited member for a fairly decent number of years and I know for a fact I do not have the receipt anywhere and if the account is compromised am I assured that my secret questions and answers are not compromised as well if those are required to prove ownership? Basically, short of having the purchase receipt, how is one to prove ownership? IP addresses, MAC addresses, hardware ID numbers, stuff like that?

This is new to me. Aint even had anything from any of the sites I use about this issue.

As to ownership. IP Addresses can not be really used as proof. Since not all ISP give users have a dedicated IP. Many users on that ISP can use the same IP. Mac address, I would not even give that to anyone except my ISP. If you have bought Unlimited or Lifer Membership. The recipt is the one thing that should be taken combined with the email you use for the account. As Proof. Generally am hoping it keeps records of pass emails used with the account so it can show what changes have happened.

[Edited by Toki, 4/10/2014 3:48:21 AM]

We do not employ any type of SSL encryption on our site. Our payments are processed by Authorize.net and PayPal.com. You can contact them directly for the status of their websites, but it's my understanding that they were not affected.

If we end up disabling any accounts, the original paid receipt or transaction ID may be necessary to prove original account holder details.

Ok, cool. Thank you.