The BeamMP server has been raided by a malicious actor. We are working to resolve the issue and confirm the impact of this attack.

Please hold tight. We understand that this is very concerning - we will update you with more information as we have it. Please DO NOT launch BeamMP at this time until we've confirmed it is safe.

At this time, we have shut down all BeamMP backend server infrastructure, to prevent further movement. More information to come.

@everyone

We are working hard on getting everything back on the rails.

We have no reason to believe that the launcher or your computers have been compromised. However, if you want to verify your launcher yourself you can take the following steps:

1. Right-click "BeamMP-Launcher.exe"-> Open "Properties"
2. In Properties, go to: Security -> Digital Signatures-> Select the signature entry:"BeamMP Mod Team"
3. Click:[Details]
4. In "Digital Signature Details", click:[View Certificate]
5. In the certificate window, open: Details-> Find and select: Thumbprint
6. Verify that it is a match to what is shown here.
   "0c999ca7011538e41ac3993ca84d109e6e429c5f"

We are continuing to investigate the breach affecting the forum software. Based on our findings so far, the compromised data may include certain account information, including:

• Email address used to register the account
• Username and related profile information
• Hashed passwords

Although passwords were stored using industry-standard hashing and are not visible in plain text, we strongly recommend changing any password that was reused on other services.

Our investigation is ongoing, and we will share additional confirmed details as they become available. BeamMP will also cooperate with the relevant authorities as required by law.

Community Update

I want to start by saying thank you for the support that we have received from you guys, the community amidst this difficult time that we are navigating. As most of you are aware by now, BeamMP has been the target of a malicious attack against our infrastructure and services which has resulted in a data breach and ultimately a temporary shutdown of all services and platforms related to BeamMP.

Here's what we know

Over the past couple of weeks, BeamMP has been the target of numerous DDoS attempts, targeting various parts of our infrastructure. Unfortunately the most recent attack included deliberate actions to break into our forum which in turn has ultimately resulted in the compromise of all contained data within.

What data was obtained

BeamMP intentionally stores limited data on its users. As such, that data is limited to:

• Usernames - The username you signed up to BeamMP with
• Salted password hashes - A one way-encrypted version of passwords used for BeamMP; not the enumerated passwords themselves
• E-mail addresses - The email address that you signed up to BeamMP with, and any secondary email addresses you may have provided (used for Patreon linking)
• IP addresses - BeamMP logs the registration and last IP address that you access the platform from.
• Linked account ID's - Any IDs linked to your BeamMP account (such as Discord ID, if linked)
• Posted content - Any content posted within the forum (most of which is already public as of your posting)

Additionally, as many of you saw this morning, BeamMP's Discord server fell victim to these continued attacks resulting in a full wipe outside of our control. At this point we would like to add that it was not the actions of a team member or the unintentional granting of roles/permissions to an unintended user. What did happen was that as part of the attack on our infrastructure, a bot token with administrative rights was obtained which the attacker used to take over the Discord.

What went wrong

BeamMP always has and always will continue to take data security very seriously. All of our systems are built with security in mind, and user data is protected at the highest-possible levels, shielded from only those who must have access. As such, this was not a result of a user being granted unintended access, but rather a malicious break-in to our systems where user data is stored.

What this means for you

As standard in any data breach, it is recommended that everyone update their passwords on any other platform that you may have shared the same password with.

Addressing the rumors

It has been rumored that the BeamMP launcher was manipulated and served to the public with a virus. At this time, we cannot find any evidence that this is true. We encourage the community to follow the steps outlined in [this post](#what-happened message) to verify that your launcher is an officially released version, but at this time we have found no verified cases of this rumor holding any weight. Please let us know via email at security@beammp.com if your experience differs from this statement.

What we're doing next

Our team as a whole is working around the clock to return the user experience back to normal as soon as possible. In doing so, we're working to get a minimally capable system back in place for player-use as soon as possible. At this time, we're looking for this to go live within the next 24 hours. This deployment (as well as our full deployment to "back to normal") will be taking place on all new infrastructure so as to ensure that there are no lingering concerns/unknowns remaining from this attack that could undermine our security efforts.

Additionally, we will be migrating our account data to our own proprietary-built system to ensure that we are no longer relying on third-party software to have better control over the security of user data.
@everyone