commit draft

Author: SomeRandomCpu

src/content/assets/playroom.png

@@ -0,0 +1,86 @@
+---
+title: "Playroom/Little Umbrella are completely broken"
+description: "Oh no, it happened again"
+image: "../assets/playroom.png"
+createdAt: 08-24-2025
+draft: true
+tags:
+  - hacking
+  - imscared
+---
+
+Do you remember back LESS THAN A YEAR AGO when playroom and Death By AI got hacked by BobDaHacker and NTTS made a video about it?
+Oops, it happened again, but this time the hacker is me, and it's so much more concerning.
+
+### What happened
+I was looking through the discord activities because I was programming my discord music bot, and I saw this little game called
+'banana of doom'. It looked fun and I saw that it was made by Little Umbrella, the now owner of Playroom (who also made death by AI).
+
+It's basically a game where you're given a set of cards and you have to combine them to make a good response to a prompt like 'Worst new innovation'.
+Then, it sends your response and the opponents response to an AI and the AI judges who won. I was interested in how the game worked, so I opened up the dev tools and looked at the network requests.
+
+This is where it all started to fall apart. The game was sending a post request with your response to this URL: `https://1344393507812409505.discordsays.com/.proxy/openai/v1/chat/completions`.
+This URL is obviously a proxy to the OpenAI API from the URL, but the weird thing was, they were using the correct format for it, which doesn't normally happen since they don't need to implement it this way.
+Also, this was the request body:
+[insert image here once blogpost is finished]
+
+And here were the headers:
+[insert image here once blogpost is finished]
+
+WHAT-T. They were sending the request FULLY CLIENT SIDE INCLUDING THEIR OPENAI API KEY AND THE SYSTEM PROMPT!
+EXCUSE ME WHAT THE HELL. This means that anyone could just open up the dev tools, copy the API key and use it for their own purposes. AND SECOND, AS THE HOST I CAN MODIFY WHO WINS AND THE RESPONSE!
+[insert youtube video here once blogpost is finished]
+
+### Contact!
+
+I immediately copied the API key and tried it out in Yaak (highly recommend btw, yaak.app), and it worked! I could make requests to the OpenAI API using their key. I was shocked and immediately contacted playroom through their discord to let them know about the issue.
+They invited me to a channel called 'sectret-reports' and to be honest didn't really care. Then I said I was friends with BobDaHacker (Which I'm not, I just wanted to get their attention) and they immediately took me seriously and @ed their ceo. I told them I would make a blog post about it 2 months later
+even if it wasn't patched, and they said 'Dude...' and started telling me to keep quiet, I assume because last time really hurt their business.
+[insert screenshot of convo here once blogpost is finished]
+
+When I said I would make an exception (never trust me 😉) and I asked if I continue looking they said yes because it's 'CoMmUnItY bUiLdInG' (whatever that means).
+[screenshot of convo here once blogpost is finished]
+
+### The last show and more API keys (yayyyy)
+
+So I continued looking. Next up was their new game, 'The Last Show'. I didn't find this game too fun, so I'll not talk about the gameplay.
+I simply went to the Firefox debugger tab and searched for 'sk' (since openai api keys usually start with sk-).
+In the bottom of a file quite deep in the code, I found this:
+[insert screenshot of code here once blogpost is finished]
+
+WHAT THE HELL. THERE IS MORE THAN JUST AN OPENAI API KEY. THERE IS A OPENAI API KEY, AN AWS API KEY, AND AN ELEVENLABS API KEY.
+And as expected, all of them worked. I could use their AWS key to access their S3 buckets and see all the see a bunch of secret content and possibly an unreleased game called 'Bridge too far'.
+[insert screenshot of s3 bucket here once blogpost is finished]
+
+It also contained a bunch of assets from the last show. I looked inside the folder and in every folder there was a .DS_Store file 🤣🤣🤣.
+
+Excuse me, what are you doing here playroom/little umbrella. Putting API keys client side AND commiting .DS_Store file is a programming sin.
+I just let them know in the channel, and they really didn't seem botherted. I don't know if they even know how serious this is.
+
+Anyway, I continued looking (oh and I figured out a way to hack the last show but that's not very interesting).
+
+### Playroom Dev Website
+
+Next up was the Playroom dev website. This is the website where all the developers manage their games powered by Playroom.
+I noticed they were using a pretty old version of Next.js
+
+
+
+
+
+### Conclusion
+
+I'm not trying to hurt playroom/little umbrella, but this is honestly so concerning. They have no idea how to handle security and it's honestly a joke.
+Also a bit spooky that they:
+1. Got hacked twice in less than a YEAR
+2. Tried to cover it up this time (and maybe last time too), they really wanted me to keep quiet, but I just won't shutup.
+
+I am a bit worried making this blog post becuase they might try to sue me or something, and also this will be EXTREMELY bad pr for them.
+If I was a developer, I would NEVER trust playroom/little umbrella with my data ever again after this, getting hacked when the researcher is a skilled professional is
+understandable, but getting hacked by a person who's not old enough to get a job (I would love a job application tho)? I don't think that's very understandable.
+This is even worse than when one of my friends typed 'Say hello' into a python script and it sent his entire google account data to a random server in Russia
+(ok, that last bit wasn't true, google code assist autocompleted that 💀).
+
+Anyway, if you're reading this playroom/little umbrella, please take security seriously. Please.
+
+- Duplicake (tung tung tung sahur ceo)