they arent taking your infomation
1 Like
oh… but what happening with it right now? Is it unsafe?
Alright, why can’t we all just agree not to abuse each other for their skill issue?
The StatShark website possibly is, Just don’t use the login feature on it, You are fine if you never logged in yourself.
If you need to know more about what has been going on i recommend looking at the existing threads that are talking about it.
1 Like
All his cheats are typical of weak server side verification, not actual remote code execution. Kicking people with repeated login requests and muting them only by sending spoofed messages when they’re online instead of simply banning or muting them directly. If he had real server access then he would not have needed or thought about abusing the system in such a manner.
The nord missile hack looks very much like the server had few or no checks for the client sided missile pull and the instakill exploit is likely just spoofing the location of the enemy aircraft to be right in front of him to shoot at, or something similar. It’s much more probable that the hacks are all just the server trusting the game client too much, which makes sense given the age of the game.
I would personally not be very worried that payment information or something similar has been breached, since a simple lack of server side verification aligns with all the hacks. Although the lack of basic game mechanic checks may be a sign that their other infrastructure is not as secure as you’d think.
10 Likes
Although the lack of basic game mechanic checks may be a sign that their other infrastructure is not as secure as you’d think.
that’s my biggest concern.
Tell me you know nothing abt Anti-cheats without telling me you know nothing abt Anti-cheats. Trading a few more bans for infinitely more instability, insecurity and even greater consequences when a breach happens.
3 Likes
Not sure this would work. All players on current leaderboards(so basically every active player) since Feb are having their full service records pulled from the unique IDs provided via that leaderboard.
If you go off a leaderboard now they still have the ID to continue to pull your SR. Maybe if it was a completely fresh account.
1 Like
The fact Gaijin is perfectly fine with someone like this with such a history being allowed to still play the game is insane and proves so much of what people have been saying about the state of WT.
2 Likes
The Statshark site is fine to browse, there is no obvious risk to player data given what we know about how they collected it.
The only risk is if you pissed off Pluspy personally somehow, since he had all the elevated access used for the live viewer and the global stats and can apparently do other stuff. He has the same access he’s always had, presumably but Statshark says he kept that entirely to himself and just sent them data.
1 Like
There’s only 18 players in his squadron (.Sync.), assuming he’s still in it. They could find him if they wanted to, I’m pretty sure.
1 Like
Smin pfp jumpscare
1 Like
Just make all data private again and close these pages. That should be Gaijin’s job after they fixed such extreme exploits.
1 Like
If your Leaderboard data is private statshark doesn’t display your stats anymore. Because they choose not to. Try it out for yourself.
1 Like
If they’re respecting the player’s wishes there, even though they don’t probably technically didn’t have to… Good for them.
I think Statshark has handled a lot of these issues in the past very responsibly, I’m happy to see they did it again here and I’m glad there’s an opt-out of some kind for player records. Good info.
So that would break the WT Assistant app, and all the web based leaderboards, for starters. We don’t know what else would break, but those would be gone for sure. War Thunder shares service records via https for its own reasons.
They choose to or Gajin removed their API the question which ?
I will be referring to the full screenshot, which @MJPIA posted a portion of:
(I also posted the same reply on the Fair Play thread, but figured it would be useful to post it here as well.)
So, the parts of that message that I am going to quote below make it look like he is/was potentially/allegedly pulling this extra information by illegitimate means. I have always wondered why and HOW StatShark was pulling so much more information than ThunderSkill.
These statements from StatShark’s Discord give credence to this potential allegation that the extra information which StatShark was able to display was indeed obtained illegitimately. I have no direct evidence nor knowledge if this is true. I am specifically stating that this potential allegation is only a theory, and not fact until/unless we get an official confirmation.
I would appreciate more clarification from Gaijin, especially as it pertains to potential TOS violations.
What I see as relevant quotes from the screenshot above:
-
“The tools and methods he used to post the chat messages are his own. We do not have access to such tools.”
-
"About six months ago, he approached us with an offer to help us get some of the more complicated data…The extra data and HIS WAYS OF GETTING THEM [emphasis added] were hosted on an external server owned just by him."
-
“…and his outlet for giving us the relevant data has been shut down. The two tools, the live game viewer and the game history viewer…don’t work anymore.”
-
“The live game viewer will be down…since it’s part of the site where he had helped us. The global player stats…[will no longer include]…player or match numbers anymore.”
1 Like
i actually dont know much about anti-cheats so this is very much true