Comment by f6v
4 years ago
OP: tells a sad story of how their infrastructure has been hacked
Also OP: has no https on the web site
Anyway, the story gives strange vibes.
The manager of the company (we can guess likely the CEO since it's a small startup) was infected by a trojan that stole passwords from his computer, but they're certain it didn't infect the network because they "wiped the hard drive." And it couldn't have got to user data because that's hosted in the cloud. Of course the fact the login details are likely on infected computers makes no difference at all...
Yeah, usually I am the first to grab my pitchforks against tech giants like Google, but the devs are only telling a one-sided story here and their business looks far from legit, and that team of amazing devs doesn't seem very competent either if they keep installing trojans.
And note the timing. I suspect the hack did something evil to the deployed version and Google picked up on it.
Note that I am the "OP" as in I posted the link to HN but I am not the author or the developer whose story this is about.
Regarding https, looks like the parent comment linked to the "www" version of their site. Their non-www version does have https:
https://6acegames.com
Not defending the author's cleanliness or shadiness, just pointing out the facts.
Very sloppy for it to not even do a 301 redirect though. Even if you use one of those basic website builder services they will do that as standard.
Decided to run SSL Labs on the site out of curiosity[1] and they still have TLS 1.0 activated as well. That's just poor SSL config. A software company supposedly made up of talented coders should know way better.
[1] https://www.ssllabs.com/ssltest/analyze.html?d=6acegames.com
They do mobile games, not web development.
I don't think so. Doing mobile game dev is very different from doing web dev + system admin work.