Unauthorized Access
Hello,
Yesterday, October 6, 2025, at approximately 5:30 PM EST, unauthorized access occurred on my account. Someone gained access and began kicking players from a game server where I am an administrator, as well as sending messages to the server.
I have reviewed all my emails and investigated everything I possibly could on my end, but found no signs of unauthorized entry, yet this incident clearly happened. I would appreciate it if you could look into my account and provide any relevant information that might help, such as session IPs, browser details, or any other data related to this event.
For reference, I have attached a log showing the activity on my account from yesterday. The action at 4:54 PM, where I added a ban, was performed by me. However, all activity after that time was not me and was completely unauthorized.
This incident occured on the server https://www.battlemetrics.com/servers/arma3/7991938 and I am logged in through Steam ID 76561198443819754
Thank you for your assistance in looking into this matter.
Best regards,
16 Replies
Go to your profile.
Account management
Active sessions,
Check for anything that is not yours and make sure to force logout.
If you use the API at all and have tokens i suggest revoking them also.
Same page, Manage Personal Access Tokens.
while there, i suggest activating Multifactor authentication
Everything in there looks normal, but I did have a blank api token in there that I revoked.
I also turned on two factor
Ok,
Lets narrow it down more then.
Go to your ORG I assume your the owner?
Top right of the "staff" list is a "Audit Log"
Open that up. Filter via your user.
This will give you step by step information on all actions that occurred via you.
Weather it was the RCON Dashboard OR API Token.
This will help narrow down the where your breach was also.
Its a pretty large community that Im an Admin on, so Im not the owner, but let me reach out to our Senior Staff that has access to the audit log real quick
Yeah, have senior staff look into it for you.
They will be able to tell if they actually gained access to your BM, or they used the API.
it will also help them see if he did anything else to the ORG
Looks like it was all web broweser not API, but if I'm logged in with steam, shouldnt there be some sort of notification of a new login or access logs as to the IP address comitting the actions?
yeah, if it was browser it state something like this:
IP address's for admins aren't given to the ORG for security.
Anything with browser has "Website" listed on it
Is there anything you/support are able to provide to tell me if the access was through my PC or if someone had remote access to my account?
We removed access to my account from the org, but are nervous to add it back and have something worse happen
They won't via discord.
Any request for deep dive's into accounts must come from email, which is associated with your BM account.
This is for security & Verification you are who you are.
Okay cool, I sent an email too so hopefully they will be able to help give us some info to clear things up
Is whoever handles those emails in this discord? I’m kinda just in limbo right now till I have a better understanding of what happened
They are, but as i stated, they can't provide any information via discord.
You have taken the appropriate steps to secure your login and cleared API Access.
Yeah I understand, my point was more so to get their attention to look into the email I sent
They will get to it when they get to it.
Yeah thats pretty much how it goes lmao