luawhitelist.com has been sold.

We're currently giving away $40 here

Sorry for the late response, I’ve spent the last hour resetting all my passwords. If you were a registered user of luawhitelist and use the same password across multiple sites, I recommend you do too. (you'll be okay if your password was complex)

Anyway a couple of days ago, I was contacted by an individual who wanted to purchase luawhitelist.com, at first I was hesitant but after negotiations we came to an agreement where he would keep his profit for extra features he wanted to add targeting the farming community, whereas I’d keep my profits from the whitelist side of things.

When I look back now, it does seem too good to be true, but I held confidence in my brand, and its growth potential, to which I could see why it could be beneficial to him in a way. After talking a little we decided upon a figure and used a trusted middleman, in fairness the deal went smoothly.

Everything got transferred over and I received the 4 figure amount that we agreed upon.

A couple of hours later I get a DM from some buyers informing me that the site was indexing all the VPS’s files, which I quickly acted upon and removed the DNS records from Cloudflare. I thought it was a genuine mistake, as the owner was supposedly Vietnamese (no hate to Vietnamese) but it was too late by then, however I didn’t think it was intentional.

20 minutes later the site gets removed from my cloudflare account. He had full access to the domain, so he didn’t need control over my Cloudflare account to accomplish this.

I quickly realised what was going on and tried my best to lock the new owner out of our VPS which had been transferred over to him.

I logged in, disabled Nginx and deleted the source files from the VPS.

This was effective for about 30 minutes until he started hosting the site off a new VPS I didn’t have access to, I didn’t have permissions on the Discord Server either, so I couldn’t inform the users of what was going on. And that’s when I realised, it was practically fucked.

I made a mistake by not using a salt on the hashes (even though sha256 is a military-grade standard within the industry it still has weaknesses especially with weak passwords and without a salt) I never thought the database would ever get leaked, as I was the only one with access to it.

I could have done a lot of things differently, and I admit, I’m a fucking retard for this. I would have loved for this deal to go through properly so my users wouldn’t have been affected and ultimately getting their data getting leaked, and if the buyer is reading this, thanks for paying 4 figures for a business, but fuck you for leaking user data.

I will learn from this mistake, and any future releases of mine I will salt the hashes too to ensure IF something like this happened again, the risk would be minimal.

I’m deeply sorry to my buyers and the thousands of users who this has caused inconvenience for, thank you for spending time reading this, and remember to reset ur passwords. (you'll be okay if your password was complex)

F.Y.I: I no longer own luawhitelist.com, and the new owner leaked the database.

"Xeno" leaking all the files, including the database

Him asking for a refund from the MM after leaking all user data