Discussions

Discussion: SocialCP

Hey everyone,

Today I’m going to talk about a program known as SocialCP. Firstly, what is SocialCP? SocialCP is similar to a social network program, except it targets Club Penguin players only. I have seen some images of it and it looks extremely similar to Facebook. Several penguins have signed up but I have not. Why is this? Well, it’s because I’ve been suspicious of this site right since it’s started and now I have some evidence that it isn’t a very secure site. Before that though, let me show you the “Welcome” page for this website.

socialcp login

Now this looks perfectly innocent. Firstly, let me tell me my first issue. This is created by a single person named iSubhi2012. I did a bit of research on this person and found his Twitter account. What surprised me is that on his account, he did not use good spelling or grammar and I highly doubt he would have been able to script his own website. This is an example of a tweet from him.

As you can see, I highly doubt that someone who is unable to use proper grammar and spelling will design a website which he claimed he made all by himself. Yet what if it is not his? For this discussion, I had a look at SocialCP’s code and I found this in it.

socialcp copyright

So perhaps this is a copied website. Now, that’s one reason not to use it but my main issue with it is it’s security.

When you create an account, you need to register your password OR you can give your Facebook or Twitter account. All these passwords go to the website owners, who in this case, is iSubhi2012. This means that he could do anything with your accounts that have the same password as the one you signed up with. When I tried to view the permissions SocialCP asks for from your Twitter account, it wouldn’t load and I believe that that is quite concerning.

Although the owner has made a claim that he knows about privacy, I checked out his Privacy Policy for SocialCP. This is all it said.

socialcp privacy policy

When a website is created that collects personal information, you’d expect it to have a decent privacy policy made before it’s released. It looks like that this page is under development when it should already be made. This means that they’ve said nothing like “we won’t use your personal data for anything else” and even if they did, it would be difficult to believe them. This almost sounds like they’re reserving the right to do anything to ANY of your accounts, not just your SocialCP account.

My next problem is that OTHER people might be trying to get user’s details from SocialCP. Once again, I checked their security and the page is actually unsecure. This image I got by using Google’s inspection element proves it.

socialcp

Now, quite a few sites are considered “not secure” by Google. However, most sites have some kind of security certificate which proves that it is secure, such as the site you’re currently on. SocialCP does not. This concerns me as the website could be vulnerable to hackers. This also seems pretty serious, especially since Google has a security warning for it.

Unsecure

Some users are also claiming that they have trouble with passwords and usernames on the site.

socialcp hack

Furthermore, it seems that if this website does get hacked, many people will do as well. This is because SocialCP recently stated that they now have over fifty users, a few of which are “famous” people throughout the community. One user is named Dadted, who has almost reached five hundred subscribers on YouTube and he is even a staff member of SocialCP! It would be a big shame for his YouTube account to get hacked because of SocialCP.

A penguin named Flippy explained what he thinks are the good and bad points of SocialCP. This is what he said.

Good things: It protects the passwords with MD5 which can be cracked but not very easily. Bad things: It is on a free server and uses a free domain which makes the chance higher that it could be hacked.

Keep in mind that MD5 was what Flippr, a CPPS, used. They were hacked and many details were released for the public to see. These included names, passwords, IP addresses and I do believe a few other things. Although the passwords were in MD5, they can easily be converted from code into English. If your IP address is revealed, people will be able to use a tracker and trace where you live. Since SocialCP is vulnerable to this, I would suggest you don’t create an account. Overall, I think that both of Flippy’s points are bad for SocialCP. Flippy also said that they use a paid script called “WowWonder” but he suspects that everything else has been cracked, meaning that they got it for free.

Club Penguin is all about keeping us safe, but we’re not keeping our accounts safe if we just sign up to a website which doesn’t have any security certificates or a decent privacy policy. We don’t want the same to happen again. Some players are even concerned about a hacker attacking the website soon, and that makes sense for all the reasons I have explained.https://twitter.com/newcp2013/status/693387995450335232

If you’ve already signed up then I fear it’s too late to save your account unless you’ve made a password which you don’t use on any other site. Either way, still change your password. I would not suggest joining this website as you’re putting your accounts in danger. Remember to stay safe out there, penguins.

Update:This paragraph wasn’t in the original post, however we can now confirm that I was correct about SocialCP being vulnerable to hacking. This comes after SocialCP announced a hacker and advised all users to change their passwords. Thank you Derik for providing me with this updated information.
image

Waddle on!

wpid-dsf-1.png

Leave a Reply - your comment will need to be approved before it appears