Information Regarding The Weekend Hack

Incase you haven’t noticed, there has been a major incident with Stardoll’s security this weekend. I am writing this post as an open letter to Stardoll in the hopes that they will finally deal with the issues that are becoming harder to ignore. 

First, Stardoll has constantly been going down over the last 2 weeks & virus alerts have been popping up for those users with Anti-Virus programming. It seems that someone has taken advantage of problems with Stardoll's server by hacking into the system. However like I said, these issues have been occurring over the last 2 weeks now (plenty of time for them to fix it) and many users have mailed Stardoll only to receive the same auto-message. 





In regards to the security issue, it began during the early hours of Friday morning (1am Swedish time), when a user by the name of ‘Stardoll3737’ started sending out broadcasts. 
(DO NOT VISIT THIS USER, YOU ARE PUTTING YOUR ACCOUNT AT RISK).




The broadcasts all read the same thing, advertising 2sd sales & giveaways etc. things that would always encourage dolls to click on them. However when you clicked on the broadcasts, users were re-directed to the blog of Stardoll3737 which had an inappropriate picture of a naked woman. Click here to see a censored version of the image (I will not post it here on the post due to younger views). 

The broadcasts continued for 30 minutes, where inappropriate images were added to the background of Stardoll (see here), and sound started playing with pornographic noises. The sound continued for around 5 minutes, while the images stayed up for around an hour.

Along with the pornography that was posted, a keylogger was attached to it stealing users information, which started the first accounts to get stolen. Many accounts got hacked, and while some users were able to reclaim their accounts, they lost a lot of Stardollars and some were unable to re-gain access. Stardoll3737 continued with broadcasting & it died down after a few hours.




On Friday, Stardoll made no response whatsoever to any of the hacks or to the porn being posted. Despite many users reporting the account, it was still up (although the pornography had been removed). Stardoll then made a post on their official instagram of them having a party (see here: https://www.instagram.com/p/BG3vmMkgt_T/) and one of the official Starblogger's complained on their Instagram post about the site's security. Users have complained about the security on their Instagram all weekend but they have continued to post & ignore messages. 




Stardoll continued to do nothing about the hacking & didn't respond to those who were hacked & trying to claim back their accounts. They did however, have enough time to send a warning out to the Starblogger that complained on their Instagram (& threatened her Starblogger position).


After no response & Stardoll's staff going home for the weekend, the first of many high-profile accounts then got hacked. A member of Callie's Crew, Busecem06. Her doll was changed, stardollars stolen & presentation changed. Dolls then started flocking to Facebook & Underneath Stardoll as they had gotten hacked through clicking on broadcasts and were trying to reclaim their accounts. During this time, the hacker was signing in & out of Stardoll so that they would appear on the front page. This led more users to clicking on the user, visiting them & getting their account hacked.


The hacker seems to be stealing their Stardoll log-in information, and changing the email to cherry.. @stardoll.com (the email does not get verified, but the password is changed and the hacker has access to the account). Unless users have an up-to-date email they are unable to retrieve their account by requesting the email to be changed back to the original. unless the account is changed back to the original email, users are unable to get a new password & have lost their account for good. (Fortunately most users have managed to claim their account back, but it isn’t the case for everyone)



Rather than go after items, the hacker went after stardollars and so far over 300k Stardollars have been stolen from accounts, with one user alone losing 50k. Some users had to sit by and watch their stardollars get drained, unable to get the hacker off their accounts. [Side note, it’s 2016 why does stardoll not have the option to log out of all devices yet?] Dolls were also ruined, with presentations made to contain insults/profanities, almost as though the hacker was targeting certain dolls too. There was no way to see who was behind the hackings, or where all the Stardollars were going, the hacker covered their tracks by buying bazaar items for 600sd (rather than reserving, or stealing users' items).







Over Saturday & Sunday, the hackings continued. Stardoll3737 has spent the entire weekend broadcasting ‘2SD SALE’ and other harmless broadcasts that countless of users have clicked on, only to be re-directed to the blog & have their accounts stolen. Stardoll is quick to tell us that we shouldn’t “reveal your password” and “not to fall for these scams”, but it’s an entire different story when the links are coming from Stardoll themselves. 


So the current situation, it is now Monday & there has been a new release up on the site already but Stardoll have still not responded to the hack. A few automatic messages have been sent out already about not revealing your password, but the majority have not given out their password and lost their account simply from clicking on a broadcast.

By the time I began writing this post, Stardoll3737 was still active (although it seems now they have been removed, whether the hacker de-activated or Stardoll did, I have no idea).

A few users have called Stardoll's office, only for the calls to be ignored or re-directed. Stardoll are still staying quiet about the situation on social media. Some hacked users still haven't managed to get their accounts back, many users have de-actived their accounts in order to protect themselves seeing as Stardoll won't. 



Just a few of the users that have been hacked so far:
Busecem06 (A member of Callie’s Crew!), Lorrysnow, TanfenVarEmo, riamaria2000, Conzalo, kikiwe1, bey22304, Sharpayhsm96, s0ul.fly, zuzia_zapi, sekerkis1, Tinki-Vinki93, Celliji, Jesika_Stem, Jacobbhunter, olka_11, LA.ROMI, beautifulr_, lolipops1199, Fantaaa, maite-loka, Kawaigirl4, paula2000_5, angellmary17, kikinha_25, ThePast77, qwert0
(If you have also been hacked, or know of someone that has then please get in touch!)

None of these users have given out their passwords. Some of them are popular wig designers, and have had their designs deleted.


If you have been hacked, know someone that has been hacked or have had any problems with Stardoll lately then please get in touch, be sure to email Stardoll directly too at support@stardoll.com & contact@stardoll.com, and add 'Do not send me an automatic response'. They have been responding to users telling them to report the specific user/problem by using the contact form & report buttons, but they have done nothing about the situation so far and it's difficult for users to try and reclaimed hacked accounts when they are just receiving the same condescending auto-message telling them not to reveal their passwords. It's a little too much of a coincidence that all these users gave their passwords out at the same time huh? 


What do you make of this situation?

Do you think Stardoll will fix the issues or sweep it under the rug like last time? 


A 



Update: It seems like Stardoll are finally doing something about the hack. The have refunded one user already, so it seems like they are finally acknowledging that this is a security issue and not a case of dolls 'revealing their password'. They have sent out a mail in regards to those who complained about the pornography posted too. I guess they are only responding to those that have mailed them with complaints rather than send out an announcement, which is a shame really. I understand that Stardoll don't want to panic people (& cause them to lose more money), but the least they could do is let all users know there is a security issue that they're working on. 



If your account got hacked this weekend then be sure to email Stardoll directly with proof (use the email address above rather than contact them through Stardoll's contact form, as you can attach screenshots). If you no longer have access to the email are unable to access your account, you will need to email Stardoll with the original email you used to sign up, the date of birth on the account & any proof of transactions too.  



Update 2: Stardoll have now sent out a doll mail to all users regarding the situation. It seems as though once again they are not taking responsibility for the issue in regards to the site constantly going down for the last few weeks. They have also been careful not to mention any users getting hacked, probably so as not to panic users & hopefully sweep everything under the rug. 



 




HOW KEEP YOUR ACCOUNT SAFE:
- Use AdBlock & Anti-Virus programming, those have managed to block the inappropriate content from getting through on Friday morning, as well as warn users over the last 2 weeks of malware coming from Stardoll.
- Make sure you have an updated email address connected to your account. If you do manage to get hacked somehow, you will be able to request for your email to be changed back in order to retrieve a new password. If you don’t have access to the email connected to your account then it’ll be harder for you to retrieve your account.
- I'm not going to be condescending & tell you not to give out your password, because we're not morons and despite what Stardoll seems to think, the majority of hacked users never gave out their passwords.










Disclaimer: All words are my own and Underneath Stardoll is in no way affiliated and will not be held liable for the actions of others regarding this post. Underneath Stardoll and the writers are in no way libel for any information published on any other websites. You are not permitted to use content from this blog without the express permission of the owners. Outside sources are welcomed to link to our blog, but for legal reasons, Underneath Stardoll in no way condones, endorses or accepts any responsibility for any statements made, true or otherwise, on any websites other than our own.

SaveSave
SaveSave