A long time critic and Scamtuber (a term used by Earth 2 community for Youtubers who claim Earth 2 is a scam, mostly based on half information) is back again with major and serious claims about an alleged security breach related to Earth 2 accounts.
The drama that unfolded in last few days had this Scamtuber posting a video that included screenshots of exposed email ids of some Earth 2 accounts. The video claimed that this was a major data breach and that several Earth 2 accounts could be affected, and that Earth 2 knew about this and did not inform the affected accounts. The video also slammed Mapbox, which has partnered to provide its product for Earth 2, as a Google earth knockoff.
Shane Isaac, CEO Earth 2 refuted these claims vehemently and said that this a malicious attempt by this Scamtuber to mis-state facts and malign Earth 2 just as it looks to release the footage of its 3D world in the next few days. Shane adds that the motivation for this video stays from this particular Scamtuber's need to stay relevant by posting hate videos around Earth 2.
Shane clarified that there has been no data breach to his knowledge and the email ids shown in the video could be affected by several phishing attacks that were targeted to Earth 2 users some months ago. Shane said that this Scamtuber is plain 'lying' and even as they knew this right away, Earth 2 has still investigated the said data breach claim and found no credibility to it. He added that "Earth 2 is getting hated on for building our own tech from scratch to performantly stream a 1:1 scale geographical replica of the planet Earth, with a tiny dev team when compared to some of these other projects. Anything to derail and now they really are scraping the bottom of the barrel. At least it used to be some what comical"
Shane assured that Earth 2 accounts are safe and that it has "security / penetration hackers that work for security on banks." It's believed that the exposed email ids could be a result of the fake Earth 2 app that appeared some months ago and which stole data from several unsuspecting users.
Shane pins the below message on Earth 2 discord to allay any concerns of Earth 2 users:-
"What better way to try and discredit or derail a project that’s obviously about to share something that will prove a lot of the critics wrong, including the one who posted the video, than to release videos on the platform being hacked? Very convenient.
And how convenient he couldn’t login with any of the ‘hacked passwords’ because “Earth 2 fixed it” before he could record. You’re telling me that when he ‘apparently’ logged in to one of these accounts he didn’t take any screenshots or screen record it? How surprising.
We did not fix any major security data breach under the terms he publicly stated.
I didn’t realise people were so desperate for attention .. but I guess that happens when the main reason you’re relevant in the public arena is for hating that one project, you need to keep finding ways to hate on it or your relevance starts to dwindle. Kind of removes that relevancy once that project starts proving you wrong. So instead of manning up and admitting it, why not double down and create content with double the lies, screaming for that little bit of attention – because these videos have certainly passed simple criticism.
But we now have this person publicly stating incorrect information as absolute facts. It’s one thing having an opinion, but another to state things as indisputably true. What I imagine has happened is they have come across a very old list of data, potentially from one of the many phishing sites that targeted Earth 2 in early 2021 OR from a ‘rumoured’ hack that apparently leaked some details, but again, that’s from early 2021 and we were never able to find the details of the apparent leak at the time. We were mainly using GraphQL at that point but we moved away from using it as part of our core stack over a year ago for that very reason, the potential security issues with GraphQL.
And EVEN if someone did manage to hack GraphQL at the time, the hashed passwords he refers to was in fact dummy data (for dummies), hence why he probably could not login to any of the accounts and just claimed Earth 2 miraculously ‘fixed the security break’ before he could record it.
I am fairly confident that the group he has constantly working with him to try and find ways to derail Earth 2 have perhaps come across a very old data leak (if this is even true) and if it is true, then surprise, surprise, he’s claiming the bragging rights on someone else’s work and is irrefutably stating that he was responsible for just a month ago. I mean either way, he is publicly claiming to be involved with attempting to hack a company website and share the data, even if obfuscated, publicly on YouTube.
For those worried about their accounts being compromised, it is extremely unlikely unless you fell victim to a phishing attack – but even then – we have 2FA (which could have been turned on a long time ago) AND we have KYC (photographic account verification) now for over a year so that IF an account was ever compromised, they would need to verify identity so we would know who was paid out anyway.
And for the record, when all of those rumours were spreading early 2021, I intentionally leaked details of an attractive Earth 2 account including the dummy hashed pw data. Someone has tried to hack that account hundreds of times (I get emails every time an attempt occurs) and has still failed – the account has never been breached.
So again, like we announced in February 2021 – if you feel you have fallen victim to a phishing scam then always change your password, but even if you did a long time ago, we don’t have any reports of accounts having funds illegally withdrawn likely due to 2FA and KYC processes – this is the exact reason we implemented those systems! Buy hey, it’s more fun to claim to have hacked Earth 2 a few weeks ago.
Just wanted to leave this message here for any Players that are concerned."
Shane advises,"By all means, change your password should you wish to, but it’s more than unlikely any of your accounts have been breached."