i was in a teamspeak server with some friends then it got hacked into by "owned" and then he somehow hacked into my email account and changed the password now i lost my email account, which had a lot of personal information linked to it.... so i want to say thanks a lot for messing with my life now i have to go create a new account change any personal information linked to that email addy, to the new one.. why cant you secure servers to stop little 14 year old kids from hacking into your system.... your getting outsmarted by 14 year olds, hell its become such a common thing that they put this all over you tube of watching people hack into teamspeak servers, and you know what its crazy and its really frustrating and believe me im using the nicest words i can think of right now. thnx again teamspeak for messing everything up

Hello and welcome to the TeamSpeak forums.

What makes you think that TeamSpeak is responsible for your hacked email account? There is absolutely no connection between TeamSpeak and mail accounts.

I've watched most of the "hack" videos on YouTube and all I've seen so far is either bruteforcing (which has been addressed in one of the latest patches), tricking users into giving someone ServerAdmin rights (which is the users fault because he did not think), modified TeamSpeak clients which grant someone ServerAdmin rights when you try to ban him (which is again the users fault because he did not download from TeamSpeak.com) and a lot of fakes where people "hack" their own server and say "Look. Now I am ServerAdmin.". Maybe I missed some videos.

There is also a known "XSS exploit" (cross site scripting) in the native web administration interface. Someone said that it's possible to steal the superadmins cookie and login as superadmin.

We investigated this issue but were unable to reproduce it. The exploit only worked fur us when attacker and superadmin had the same IP address (which is very unlikely). Furthermore, you can't inject the code without beeing serveradmin or having your permissions system configured to allow registered users to access and modify the server configuration (which is a very bad idea).

If you know better, please contact us with details.