Friends!
My assistant Aqwaa’s accounts were hacked, and the attacker gained access to everything Aqwaa had access to. The hacker took down my website, bought me a ChatGPT Pro subscription for $200, and messed things up wherever they could.
They also used Aqwaa’s admin rights to delete the files of both of my games and replaced them with a link to some .exe file—most likely malware. That link was online for a little over an hour and has since been removed.
If you downloaded an .exe file instead of a large game archive, please download an antivirus tool and https://www.malwarebytes.com as soon as possible and scan your system (it’s free).
At this point, control has been restored, all malicious links have been removed, and the game download links are now correct and safe.
Once again, we sincerely apologize for the inconvenience.
Did you like this post? Tell us
Leave a comment
Log in with your itch.io account to leave a comment.
That sucks, man!
If the website was run from a computer, not from an external organization, I recommend that you re-install the operating system as well, including the software that's on it.
Make sure to find out how the hack took place. If you want, I can invite you to a Discord where techno-kids and white hat hackers meet. You're likely to find people there that can advise you about cyber-security.
They hacked Discord account of assistant. I was stupid enough to pm him passwords there. That’s how they got access to my site and chat gpt account I paid for him. How they got access to my assistant’s itch? I don’t know. Probably, he used the same password. But it doesn’t matter now as he is not admin anymore.
This problem arose not because of malicious software on my pc. I have paid versions of Norton 360 and Malware bytes (they can work together) on my PC to make sure I don’t have any malware.
But anyway, thank you for your support!
If your next admin is going to be someone you don't know personally, you may want to agree on a code that you can give him (a word or phrase, a numerical code or a chess move) that you can occasionally ask him for authentication. Tell him ofc to delete the DM in which you give him that code.
Also, change your password every 3 or 6 months to stay ahead of brute force attacks (i.e. someone using a program to spam passwords on your login page until one works), and ask your admin to do the same.
If you have the possibility to do so, you may want to set up your website so that, after like 3 failed password attempts, the user has to wait 15 minutes before he can try again.
And finally, I myself store my passwords on a USB-stick, so that I can keep them offline, and still have them at hand when I need to.
I'm happy to be of help of course, and even gladder to find you back in business. Welcome back!!
Kindly,
Arikania
Thank you very much for the advice!
But what I’ve taken away from this situation is—no more admins. My next assistant will do everything offline, and I’ll handle the website updates myself.
It only took the hacker a couple of minutes to cause trouble and move on. Honestly, I was lucky that he acted so blatantly instead of trying to embed some malware into the working version of the game.
I’ve changed the password too. So, lesson learned. No serious harm was done. Those players who downloaded the malware did it for free, which means, as compensation, they now have access to the games and all future updates.
OH NO dang sorry to hear that happened, will you be reuploading the game (same website or different?) Hope he/she can get it back
Yes, Aqwaa doesn't have admin rights anymore, so it's safe to reupload.
Oh that's good to hear, glad to hear that!
try and help them get their stuff back