I'll message you an account you can click on to test and see when lucid's fixed the exploit. You can *probably* play your hearts but it's not outside the realm of possibility that another attack will happen if it doesn't get fixed soon.
deletedalmost 8 years
So arcbell should I even bother playing my hearts of am I gonna get fked over again
Considering it's an XSS that's been public and we thought was fixed for months, anyone who had the idea to try it and see if it still worked and has enough coding knowledge to deliver a payload that phishes passwords leveraging the trust users place in the site itself could have done it.
In plain english, any amateur who got lucky and tested some code that was made public months ago.
Changing your password is a good security practice, anyways, PonyLove.
deletedalmost 8 years
blasphemy! on the contrary, if you don't change your password, you will lose your hard earned pixelated trophies and points that have earned you nothing
yes it is ponylove. there is an open XSS in the angular that's gone unfixed for months and which anyone who logged in on a specific day months ago could have access to
I mean, honestly, people can do whatever they want, change the password or not, I mean, if changing your password will make you feel better, do it, but this thing isn't affecting the average em person.
ponylove you dont know what's going on. the only sense of safety (about your account) you should have right now is that the attacker probably won't do it twice in a row on the same day, and may not be gathering pw's en masse
deletedalmost 8 years
and then the pony mod abuses. i believe there is a rule that prohibits this
deletedalmost 8 years
demod ponylove please ive had enough
deletedalmost 8 years
this is a huge security risk, people's accounts are on the line
