Social Club password compromised


#1

Hi there.

FiveM developers please respond.

I am curious how FiveM check is my SC account is legit. Is it one time at first run (time when i need to input my full SC credentials), or always when I run FiveM?

After one day playing via FiveM my SC account was compromised by some f*ing scriptkid semen141200@…ru

I entered my login and password (I never done s*t like this before) into FiveM window knowing consequences and voila. Somebody was logged into my account one day after.

Because of SC checking in FiveM I almost lost my account. So please tell me how you guys checking accounts, where my login and password are stored (locally on my computer and remotely on your servers), where is FiveM unninstaller, or how to clean my system totally from FiveM.

FiveM was for me most promising alternative to R* online services but with this type of legit check you guys f*ed up.

Please respond.


#2

FiveM doesn’t “steal” your credentials. It’s not “saved” anywhere besides your own social club launcher.
Take a look at this https://fivem.net/#ownership link


#3

it may be strange a coincidence, but i need to analyze how this was happened.
Every kind of information will help.


#4

The code for the ownership check is public in the FiveM GitHub repository, as can be seen the account login information is never actually sent to any service other than the Rockstar services; the only data sent to FiveM services (lambda.fivem.net) is the ‘entitlement block’, which contains only data required to verify game ownership (account number, date and time, and a Rockstar-verified RSA signature).

It also appears to be common (as seen by the large scale sale of ‘hacked’ Social Club accounts) to mass-bruteforce account information - it is probable that your email address and/or password were compromised in a prior data breach, or otherwise easy to guess. There are a few web sites that allow you to check if your information was seen in a data breach, you should definitely check in with one of these.

There haven’t been many similar complaints, so this is most likely simply a coincidence that it happened to you so shortly after using FiveM.


#5

Thanks for answers.
Coincidence is the most logical explanation.
I hope i was wrong suspecting FiveM of credentials leaking, as it is best GTA alternative online platform in my opinion.

As you point me to compromised passwords in a prior data breach i am now focused on passwords changing to be sure.