PolyMC Compromised

Question

PolyMC Compromised

Kichura opened this issue 2 years ago · 10 comments

Kichura commented 2 years ago

What happened?

PolyMC maintainer suddenly removed permissions from all it's contributors and deleted it's code of conduct.

These contributors thought that the maintainer's account was being taken over and quickly spread the news across Minecraft communities.

It was later confirmed that the account was not taken over and the change was intentional. Still, due to the abruptness of this action, who knows what might happen with it in the future again and as such, we no longer consider it safe.

As such, it will never be supported by Fabulously Optimized (and it never was) and instead we'll be considering to support it's fork, Prism Launcher, as soon as we consider it "sustainable".

What should I do?

Follow these instructions: https://fabulously-optimized.gitbook.io/modpack/readme/install-instructions#polymc

Has my Minecraft account been compromised?

No, your account is safe.

Is there a safe fork?

Yes, it's made by the same developers (except that lead developer of course):

https://prismlauncher.org/
https://github.com/PrismLauncher/PrismLauncher

I have more questions!

Ask in the fork's new Discord: https://discord.gg/hX4g537UNE

Or see the article: https://www.pcgamer.com/minecraft-launcher-project-spins-out-of-control-after-dev-hijacks-it-to-fight-leftist-queer-ideology/

cozyGalvinism · Answer 1 · 2022-10-17T19:54:22.000Z

OG PolyMC maintainer here, just a heads up. We are currently trying to get the organization back and have in the meantime opened a new organization. We hope GitHub and Discord will cooperate with us and help us get our stuff back. So far, the only risk of running PolyMC is the metadata server, so if you change that in the settings to something bogus, you are safe.

Madis0 · Answer 2 · 2022-10-17T20:02:12.000Z

So far, the only risk of running PolyMC is the metadata server, so if you change that in the settings to something bogus, you are safe.

What about macOS auto-updater, AUR distribution, the website? I don't really think that is a safe solution.

cozyGalvinism · Answer 3 · 2022-10-17T20:04:24.000Z

Just don't update PolyMC or, like Kichura said, uninstall it until we give clearance. We might just rebrand entirely due to the damage done.

purejosh · Answer 4 · 2022-10-17T20:31:55.000Z

That's some damage.

Madis0 · Answer 5 · 2022-10-17T20:35:29.000Z

That's some damage.

If that was the only reason, why would he enable @everyone perms, change rank names, edit users' perms to view server's metadata..?

purejosh · Answer 6 · 2022-10-17T20:38:36.000Z

That's some damage.

If that was the only reason, why would he enable @everyone perms, change rank names, edit users' perms to view server's metadata..?

Great question, for Lenny.

cozyGalvinism · Answer 7 · 2022-10-17T20:39:47.000Z

We don't know whether he is compromised or not and this isn't the place to discuss this either. All that's important is that we are working on either getting everything back or picking up the pieces and continue under a new name, domain, etc. Right now, the official mirror is at https://github.com/PlaceholderMC.

thefourcraft · Answer 8 · 2022-10-17T20:55:51.000Z

@cozyGalvinism Can you give more info about this security issue?

cozyGalvinism · Answer 9 · 2022-10-17T21:09:19.000Z

@cozyGalvinism Can you give more info about this security issue?

All information can be found on our Discord server.

Madis0 · Answer 10 · 2022-11-01T16:46:35.000Z

Prism Launcher is now supported and migration instructions are in FO wiki. Closing this issue.

Share to