Data Analysis #3: The arrival of Statshark answers some old questions

This vid is still available - on the channel from the guy who identifies cheaters in tanks. Iirc #713 or #731 of his series…

Might have just abused something related to the statshark account linking.

Also the video guy talks about toxic players and focusing, but doesn’t blur out names in the chat example… You can pull up the replay with all the messages. It looks like the person uses statshark pretty often based on how many sessions they have recorded. I’m guessing they linked their account to try out the live game viewer

Pretty interesting

This is all reminding me too much of WoT, I feel like this game will turn a lot more toxic as soon as sweats and edgelords get their hands on tons of quantifiable data like this. If sweats already try immediately checking people’s playercards to insult them, I don’t see this ending well.

Besides that, the fuckin Nordhacker is running that website so I don’t even want to think about touching it

lul.

I was skeptical about the live game viewer (even the site as a whole) when it came to actually logging in, even more so when I started looking up how one could make something akin to XVM as past certain point it would simply be impossible just with external data.

Glad I never logged in.

I think this should generate a much bigger outcry than anything else right now. I mean, this is worse than cheating.
Honestly, I don’t know if we should ping one of the forum mods or something. We need an official statement from Gaijing HQ about this. This doesn’t look like your typical script kiddy or some cheater. This dude has some kind of dev-like access, and at that point it is as serious as can be.

Here are a bunch of screenshots proving some of the allegations are true, for reference, the guy who’s behind nords and generally being a miserable little goblin is called “pluspy”

I haven’t checked but expect reactionary dialogue, racism etc.

Agreed, gaijin needs to deal with the user on a level above in-game consequences, this is a clear breach of about every data privacy, user protection and general safety rules around.

It’s good to see community recognition so far, but who knows to what extent the player in question will go to before he deals with any consequences.

Furthermore it raises questions about gaijin’s security standards and trust of 3rd party sources, I already found it peculiar that Statshark seemed to have in depth detail of matches, stats and overall coverage, despite it’s usefulness.

And one final note, hopefully gaijin chooses this moment to address it properly, something more sufficient than the standard corporate response is needed given the nature of the issue here, and it could potentially blow the lid off of a scandal but we’ll see

Welp, reading through Reddit, it seems that this dude was kicked out of Statshark and Statshark will lose the live game viewer and history viewer functions.
https://www.reddit.com/r/Warthunder/comments/1o13o3n/comment/nie7noe/

Nevertheless, Gaijin should investigate this, because by the looks of it, this looks like a heavy security breach.

With exception of live game viewer, statshark does not display any info that isnt publicly aviable through viewing your profile ingame and through official replay site.

Doesn’t mean they don’t have access to that data.

Unless the process with which statshark gains its data is made public, all we have are speculations.

Before someone accuses me of defending that one peculiar statshark team member, let me put the disclaimer - Im not defending his actions.

With that out of the way

Sure, they could have access to that data. Especially if you logged into the statshark website, which lol.

But, if you never logged into their website - which seems the case with Ripbozo - then all the data they likely can have are those publicy aviable through either viewing his ingame profile or looking up his name in replays.

So I suppose that’s the end of that. Sorta called it in the OP?

For those not following Statshark owner “Hadi” has confirmed that the access the live viewer needed as well as the global stats this OP was based on were provided by Statshark dev team member “Pluspy” and have now been shut down because Pluspy has left StatShark over allegations they chat-hacked another player. So September is the last month of these stats the community is going to get.

It’s a shame: for seven months players had their first real insight into the relative popularity of modes and BRs. While it seems that data they purloined here might stay up (I hope so) from now on it will only grow progressively more stale.

It is entirely reasonable to believe, now that we know more about Pluspy’s background and some of the stuff they’ve done using apparent admin-level privileges or backdoor access in the past and since, that this data was being accessed and pulled by Pluspy, starting in February, 2025, without Gaijin’s consent, and was never intended to be shared with players, making it a de facto ToS violation on their part.

There’s a lot of Discord screenshots going around of previous things Pluspy and Hadi have both said and done over the years. I have no comment other than to say it’s worth checking the dates on those, and remembering that Statshark Discord and website were only created in August, 2024, so before that they’re obviously from other sites. Equally obviously I think chat-hacking another player using illicitly obtained access, the one provable accusation here since Hadi started Statshark and which he says Pluspy has now left the site over, is both reprehensible and inexcusable behavior by anybody.

I don’t personally regret anything I did here in helping bring the existence of these stats or Statshark to other players’ attention, but if Gaijin takes action against those people involved in Statshark for breaking ToS, I won’t be one defending them. Hadi is trying to keep the other parts of the Statshark site up that did not involve Pluspy’s likely improper access to Gaijin data, and I do think some of those other parts of the site are useful to players and worth sustaining if he and his team can move on from this. In the past I have also said if you support Statshark you should consider giving them something on Patreon. I would totally understand now if anyone, based on these events coming to light yesterday, disagreed with that previous recommendation. I think you would be justified in believing Statshark needs to earn back players trust after tolerating what they tolerated here. I don’t believe anyone visiting their website or Discord to use the services that were available at the time or now has done any damage to themselves or their account security by doing so, but all players are at risk the longer Gaijin lets a rogue person with admin/dev level access and no obligation to use it responsibly continue to have that access.

Lol why? They still parse data, still publish it further.

They gather it from replays, seems nobody gonna remove the replays from the player access. You kind of dramatizing here.

Downplaying the signifigance of this is just begging to have your data leaked and account hacked, but who am I to tell you that’s a bad thing

Hadi has said that the individual vehicle stats, which is gathered from individual player records, not replays, will continue. The coloured tables at the top of each monthly page, broken down by mode, country and BR, came from Pluspy and will stop after the one that was just published (September). The aggregated data in those tables came from Pluspy’s backdoor or admin level access.

Could you show that exactly message?

image1167×95 32 KB

Statshark global vehicle-by-vehicle stats are aggregated from the service records of all active players on Gaijin leaderboards, which are scraped. Not replays. So those will continue.

However, the monthly stats that this OP relied upon in the table at the top of each global statistics mode page, by country and BR, were always derived completely independently from the vehicle stats. They were provided starting in February by Pluspy using his enhanced access to the administrative functions of War Thunder. As Hadi put it in the same post, "About six months ago, he approached us with an offer to help us get some of the more complicated data. We did reach an agreement, and he gave us an outlet to get certain data, mainly related to player statistics. He never contributed to our codebase directly. The extra data and his ways of getting them were hosted on an external server owned just by him.

“After the video, he left on his own terms, and his outlet for giving us the relevant data has been shut down.”

Damn shame.

Agreed … so as I understand the guy’s contribution to the Statshark project, he was filching the company’s proprietal data on monthly win rates by BR and country and the like and explaining to Hadi how to interpret and present it (the web presentation coding was all Hadi’s).

For the live viewer XVM clone he was pulling a live list of millions of player IDs and player names and hosting it somewhere where the Statshark web code could ping it hard without imposing lookup demands on the company’s own copy of the data.

That’s all he was really doing for his old friend who was now running Statshark. It was basically corporate intelligence work, theft really, just ostensibly for the customers. People can still go to jail for that in some parts of the world.

That means the XVM clone thing some people hated and were worried about was likely never going to survive long, as it depended on his continuous unauthorized access to a company system that Gaijin could turn off at any time. The chat hacking he apparently committed and that got him caught probably wasn’t any fancy code mojo either, he just had/has unauthorized admin rights.

Theft of data and access is still theft. To some degree you could say Statshark was white-knighting here by hosting stolen company data to share it publicly and directly with players, but they both knew the origins of their data (data that helped them to basically drive their own competitor Thunderskill out) and were taking donations to keep it up, and it ultimately made them vulnerable by association to the other unreliable and not-player-friendly actions of the thief.

What Statshark ISN’T to blame for is any of the thief’s own actions against other players before February using that advantaged access, or the recent chat hacking. That’s squarely on Gaijin, it now seems clear, as a pure ongoing corporate security lapse. For all we know this guy is just a friend (or a child) of a network admin, or maybe one of their investors, who lifted their password and had the skills to use it, and they so far have been either unwilling or unable to revoke that person’s elevated access. It seems implausible they don’t know who it is at this stage. That’s a little concerning.

From my point of view, this whole situation regarding more detailed player data is much more complicated.

What we have is probably an interface that allows people to access certain information. We don’t know for sure if it’s the same interface used by user profiles or something completely different. It’s quite obvious that Gaijin collects a lot of different types of data. Saying that accessing one kind of data is fine while accessing another is basically data stealing seems like an oversimplification. We don’t know how it works, and we don’t know why Gaijin allowed access to this information in the first place.

A perfect example of this is the localhost server that the game creates when you run it. As far as I know, there is no official documentation for this feature - everything we know about this server comes from user research. I’ve never seen the actual developers officially talk about this server anywhere. It’s even funnier because our Community Managers aren’t really sure what’s allowed and what’s not when using this data. There’s no official announcement about it, only personal interpretations from some staff members. But this is only their personal opinion. They can’t guarantee that you won’t get banned for creating a tool that uses this data.

That’s the whole problem with undocumented data. It’s possible that the game’s server allows access to global data by design, but that access just isn’t documented anywhere. So if you know how to use it, you can. Assuming it’s illegal to access this data raises questions about why this interface exists in the first place. Gaijin could block it at any time - especially after noticing a large number of new requests from unknown sources trying to gather all this data. It’s really hard to believe they’ve never heard of StatShark or noticed what they were doing. If it was truly a big issue for Gaijin, I’m sure that interface would have been shut down back in March 2025.

The truth is, we just don’t know how any of this really works. Maybe it’s much simpler than we think. Just like how people can extract a lot of very detailed data from the localhost server - even data that regular players don’t have access to through the in-game UI. Having more data than regular players who don’t use their localhost server already gives an advantage to those who do. That’s why people use this data - because it gives them something extra. You can even set sound alerts for specific triggers, while regular players have to rely solely on their eyes. If this additional data were completely useless, no one would bother with it.

From this perspective, accessing localhost server data is much more questionable than accessing advanced player stats. Only Gaijin can say what is legal and what is illegal here, but for whatever reason they decide to stay silent.