This is a very important post, so please read carefully! It may be updated in the future.
Chobots doesn’t and never has hashed/encrypted passwords, what this means is I (and other select members of the team) can see the password you set. This is the exact reason why you should always use a different password for every website. While we are going to try our best to keep this data secure, large companies like adobe have been hacked – you should always do what’s in your best interest for your own security.
What are we doing to fix it?
Our team is currently laying the foundations for a “Roadmap” on what we want to achieve in the upcoming months, and possibly years. (This will be communicated here, through the blog in the future) One of these is implementing password hashing so your password isn’t stored in plain text.
How are we going to fix it?
One of the ideas which many of us have been thinking of for years at this point, is to recreate the game in HTML* (this is a very vague way of putting it) which gives us a chance to rethink and rework how Accounts are handled by the game.
How does this affect me? (The User)
This is a risk for you, if you use a common password across many websites. If our database is ever compromised, your Email & Password will be leaked together. Our team is going to do our best to ensure this doesn’t happen, but as stated above big companies have had leaks.
What can I do? (The User)
Practice safe password security, and use a different password across numerous websites. If you use Apple Products such an an iMac, iPad, iPhone, etc you will have access to KeyChain which will sync all of your logins across your devices! If you are a Windows/Linux/Android User or an Apple User who just don’t want to be bound by Apple Services, LastPass, 1Password, Norton Identity, and many other options exist for Password Vaults.
2Factor-Authentication is also available on almost every platform imaginable, while this may be a pain for you from time to time – it’ll save you massive headaches down the road if one of your accounts is ever compromised.
You can also check if your email/password has been compromised in a breach already, with a free tool available online at https://www.haveibeenpwned.com/
*Last updated January 1, 2022 @ 5:23 PM EST