This is a scripted message. An important announcement has just been posted in the #announcements channel. Please review it in detail and follow the instructions given. If we have not conversed recently (or since the last scripted message), give me an update on your organizing and any questions or matters I can assist with. Thank you.

This is a scripted message. Please make sure to review the recent announcement. Thank you.

Hey Thomas

Who all has had RC Admin access

I found something weird

Did you ever direct anyone to create something that sent attempted login credentials into RC to an email?

@Vincent TX and @Michael TX

You mean if someone attempts to change their name it send me an email? That was done recently as a security thing. Like screenshots.

I found a script that sent username and passwords to an email

when they logged in

What's the email?

[email protected] maybe

but it was also hidden, so we could not see it in the admin settings

so whoever did it also hid the field

this is really bad

@Vincent TX is Vincent.
@Jason NY is Jason.

Both are trusted. Vince just lived at my house for a month.

All this means is it was meant to not send their passwords

but why would this even exist

I don't know exactly what it does.

and vincent is only other admin, so maybe he did it on his own without your permission and then hid it?

it sends an email that looks like "PF-3320 MYPASSWORD"

I have never sent or received anything from that email.

For who? Everyone but those two?

yes

and you

I'm going to call Vincent and check with him.

i need to cahnge my password since I am an admin and if mine gets leaked we are screwed

Can you turn it off?

What is that formspree.io link in the code?

that is what the data is sent to and from their it sends the email

a place to save forms

Vincent said he does not know who made it.

I still cant find it, I only found it on the test server

I think they have hid it but on the test server it appeared

I will find it

john wa was also on that list of people to not send password for

which is random

Where was this script located?

Who all did the script say to not send PW's for?

in the custom script settings in the administrator area, but it was hidden so I never saw it, but you'd have to be an admin

Vincent, Jason, you, John WA

Strange. Must be recent. To do with the investigation.

let me ask jason about it

anyone with access to the RC server could have made those changes, not just an admin

But even if so, why would they need the passwords?

Seems nefarious and something that definitely should have gotten your approval

and whoever did it new it was wrong and hid it

On the line with Jason right now.

So it wasn't done by an admin?

it coudl have been, but it could have been done by anyone who has server accevss and is smart

How long has Jason and vincnet and john been in org

@Jason NY @Vincent TX

Created at
August 12, 2020 2:36 PM

that would put a bound no when it ws added

Created at
July 26, 2020 11:49 PM

so whoever added it had access after july 26 2020

when did paul leave?

I don't recall exactly. Maybe a month or two after January of this year.

so this could be paul leftover stuff

paul would have added my name

Correct.

its like whoever added it new those people were on tech team

but me and matthew and benjamin not so much

Vincent has only been involved in tech stuff recently. Last couple months.

really...

Yes. Only actively.

jason knows nothing?

He knows nothing of it.

Is looking into the email and the formspree.

"_updatedAt" : ISODate(""2021-12-15T05:11:40.678Z""),

someone messed with it real recent

Is that an IP?

no someone deleted the script

Someone deleted the script on this server?

but the snapshot you took kept it

yea like they knew we were gonna find it

jesus its someone in tech

i mean it seems like it could be....

Well, we did, so now we figure it out.

dont tell anyone yet

Vincent and Jason already know about the script.

tell jason and vincent to not tell anyone

I am changing keys on server to lock everyone else out

itll be just me for abit

Why did Matthew leave tech?

suspicious timing

Give me whatever I may need as well, just in case.

And yes.

sure

He was having vague concerns and worries. Usual stuff.

we dont want anyone gettinga hint we are on to them and wrecking the server

okay

Paul CA knows already. He is the last one.

Join the TG group call if you can.