MMORPG.com Database Hacked??

fat_taddler

Let me start by saying that I am a CISSP certified, Director of Information Technology for a fairly large financial institution and am fully aware of the importance of account security and end user responsibility.

 

For the first time, I received the infamous ANet email "someone - hopefully you (haha) changed the email address on this account"

 

I was sincerely hoping that it was simply spam but when I got home today and attempted to log into GW2 I realized that I had in fact been hacked.

 

Being an IT person who is very sensitive to risk exposure, you can imagine that my home PC is very fortified.  On top of that, I just bought a new rig that is only two weeks old so it's very clean.  I run the latest version of Kaspersky AV and have every protection component turned on.

 

At my office, we have very robust security controls in place which are audited by a division of the government once a year and must pass strict penetration testing twice annually.  

 

That being said, I think I can safely say that I was not the victim of a keylogger attack.

 

Now for the kicker, the only email address I use for gaming is the one that was changed and the only other time I've ever used that password in conjunction with that email address was on this website about two years ago (not this account).  

 

I like this website and use it frequently but I have to suspect at this point that it may have been compromised. 

 

I'm certainly not saying this to be malicious towards the admins of MMORPG.com, only to inform them and other users of this site that there may have been a breech of one of the  user account databases associated with this site.

 

If you use the same email here as well as GW2, please be aware that there may be a significant risk that your account could be compromised.

 

Four0Six

Originally posted by fat_taddler

Let me start by saying that I am a CISSP certified, Director of Information Technology for a fairly large financial institution and am fully aware of the importance of account security and end user responsibility.

 

For the first time, I received the infamous ANet email "someone - hopefully you (haha) changed the email address on this account"

 

I was sincerely hoping that it was simply spam but when I got home today and attempted to log into GW2 I realized that I had in fact been hacked.

 

Being an IT person who is very sensitive to risk exposure, you can imagine that my home PC is very fortified.  On top of that, I just bought a new rig that is only two weeks old so it's very clean.  I run the latest version of Kaspersky AV and have every protection component turned on.

 

At my office, we have very robust security controls in place which are audited by a division of the government once a year and must pass strict penetration testing twice annually.  

 

That being said, I think I can safely say that I was not the victim of a keylogger attack.

 

Now for the kicker, the only email address I use for gaming is the one that was changed and the only other time I've ever used that password in conjunction with that email address was on this website about two years ago (not this account).  

 

I like this website and use it frequently but I have to suspect at this point that it may have been compromised. 

 

I'm certainly not saying this to be malicious towards the admins of MMORPG.com, only to inform them and other users of this site that there have been a breech of one of the  user account databases associated with this site.

 

If you use the same email here as well as GW2, please be aware that there may be a significant risk that your account could be compromised.

 

 You almost had me, but then you say this.

Never, Never, Ever, use a password for more than 1 account, silly.

jblah

This is actually the only site I am signed up with that I use to look at GW2 related stuff and I have not had any problems. If it were here I am sure there would be way more games having problems.

The_Korrigan

I'm Bill Gates himself, this is my hidden personality.

True story.

This said, yes, if you use the same mail/password for fansite forums and for your games, you DESERVE to be hacked.

fat_taddler

Originally posted by Four0Six

Originally posted by fat_taddler

Let me start by saying that I am a CISSP certified, Director of Information Technology for a fairly large financial institution and am fully aware of the importance of account security and end user responsibility.

 

For the first time, I received the infamous ANet email "someone - hopefully you (haha) changed the email address on this account"

 

I was sincerely hoping that it was simply spam but when I got home today and attempted to log into GW2 I realized that I had in fact been hacked.

 

Being an IT person who is very sensitive to risk exposure, you can imagine that my home PC is very fortified.  On top of that, I just bought a new rig that is only two weeks old so it's very clean.  I run the latest version of Kaspersky AV and have every protection component turned on.

 

At my office, we have very robust security controls in place which are audited by a division of the government once a year and must pass strict penetration testing twice annually.  

 

That being said, I think I can safely say that I was not the victim of a keylogger attack.

 

Now for the kicker, the only email address I use for gaming is the one that was changed and the only other time I've ever used that password in conjunction with that email address was on this website about two years ago (not this account).  

 

I like this website and use it frequently but I have to suspect at this point that it may have been compromised. 

 

I'm certainly not saying this to be malicious towards the admins of MMORPG.com, only to inform them and other users of this site that there have been a breech of one of the  user account databases associated with this site.

 

If you use the same email here as well as GW2, please be aware that there may be a significant risk that your account could be compromised.

 

 You almost had me, but then you say this.

Never, Never, Ever, use a password for more than 1 account, silly.

I've used the email address in question with this password one other time in two years,  I realize that maybe it wasn't the best idea in the world but I certainly don't think it grounds to dismiss my concerns.

I do not have accounts with any other gaming sites, only MMORPG.com.

 

fat_taddler

Originally posted by The_Korrigan

I'm Bill Gates himself, this is my hidden personality.

True story.

This said, yes, if you use the same mail/password for fansite forums and for your games, you DESERVE to be hacked.

I don't think I "DESERVED" to get hacked and I'm not looking for a pitty party.  I'm simply pointing out a very obvious connection that should be looked into.

 

People on this site are pretty vicious

Aelious

Um, did ANet start allowing password changes again? Last I knew they had disabled that feature...

Meddle

Originally posted by fat_taddler

Let me start by saying that I am a CISSP certified, Director of Information Technology for a fairly large financial institution and am fully aware of the importance of account security and end user responsibility.

 

For the first time, I received the infamous ANet email "someone - hopefully you (haha) changed the email address on this account"

 

I was sincerely hoping that it was simply spam but when I got home today and attempted to log into GW2 I realized that I had in fact been hacked.

 

Being an IT person who is very sensitive to risk exposure, you can imagine that my home PC is very fortified.  On top of that, I just bought a new rig that is only two weeks old so it's very clean.  I run the latest version of Kaspersky AV and have every protection component turned on.

 

At my office, we have very robust security controls in place which are audited by a division of the government once a year and must pass strict penetration testing twice annually.  

 

That being said, I think I can safely say that I was not the victim of a keylogger attack.

 

Now for the kicker, the only email address I use for gaming is the one that was changed and the only other time I've ever used that password in conjunction with that email address was on this website about two years ago (not this account).  

 

I like this website and use it frequently but I have to suspect at this point that it may have been compromised. 

 

I'm certainly not saying this to be malicious towards the admins of MMORPG.com, only to inform them and other users of this site that there may have been a breech of one of the  user account databases associated with this site.

 

If you use the same email here as well as GW2, please be aware that there may be a significant risk that your account could be compromised.

 

I'm sorry to hear your account was hacked.  We did have a string of security issues the last one being in late 2010 that resulted in some of our user email addresses being stolen.  This is most likely how your email address was obtained.  We have not heard reports since then of people's accounts being compromised and keep a sharp eye on the security of our infrastructure.

Hexcaliber

[mod edit]

For your edification, in order to provide adequate system security, all you need do is schedule a virus scan of your hard drive once a month at most, even a free online scan service will suffice. Combine this with regular system updates and the addition of an up to date script blocker for your browser of choice and this will provide all the data security an average user will ever need. If you are behind a router as are most users nowadays, you are even more secure.

However, if you regularly download pirate software from illegal sources and visit sites offering the same, you will need a little more protection, but not much more, perhaps the addition of a package to protect from malware set to scan once a week. If you feel happier about your computers security paying yearly license fees for virus software, by all means feel free. On the other hand, assuming you use an modern MS OS, Microsoft security Essentials is more than adequate and it is free.

[mod edit]

Lukain

 

 You almost had me, but then you say this.

Never, Never, Ever, use a password for more than 1 account, silly.

This can be somewhat infeasible  , take myself  I am a member of at least 70 forums , have accounts to 10+ MMO & then you have things like Steam -youtube-skype  I could go on & on  so there is know what I could have 100+ different password  it would drive me insane

 

PS  - OP  I got the same Email - of course I just deleted it as I have nothing to do with Anet

 

 

 

Castillle

Well...I use my mmorpg.com email account for GW2 and I didnt get any email like you said but then again I dont think I had this account in 2010..

Pouf

Originally posted by Meddle

Originally posted by fat_taddler

Let me start by saying that I am a CISSP certified, Director of Information Technology for a fairly large financial institution and am fully aware of the importance of account security and end user responsibility.

 

For the first time, I received the infamous ANet email "someone - hopefully you (haha) changed the email address on this account"

 

I was sincerely hoping that it was simply spam but when I got home today and attempted to log into GW2 I realized that I had in fact been hacked.

 

Being an IT person who is very sensitive to risk exposure, you can imagine that my home PC is very fortified.  On top of that, I just bought a new rig that is only two weeks old so it's very clean.  I run the latest version of Kaspersky AV and have every protection component turned on.

 

At my office, we have very robust security controls in place which are audited by a division of the government once a year and must pass strict penetration testing twice annually.  

 

That being said, I think I can safely say that I was not the victim of a keylogger attack.

 

Now for the kicker, the only email address I use for gaming is the one that was changed and the only other time I've ever used that password in conjunction with that email address was on this website about two years ago (not this account).  

 

I like this website and use it frequently but I have to suspect at this point that it may have been compromised. 

 

I'm certainly not saying this to be malicious towards the admins of MMORPG.com, only to inform them and other users of this site that there may have been a breech of one of the  user account databases associated with this site.

 

If you use the same email here as well as GW2, please be aware that there may be a significant risk that your account could be compromised.

 

I'm sorry to hear your account was hacked.  We did have a string of security issues the last one being in late 2010 that resulted in some of our user email addresses being stolen.  This is most likely how your email address was obtained.  We have not heard reports since then of people's accounts being compromised and keep a sharp eye on the security of our infrastructure.

oh shit really? thanks i don't use the same password 

Netspook

Originally posted by fat_taddler

Originally posted by The_Korrigan

I'm Bill Gates himself, this is my hidden personality.

True story.

This said, yes, if you use the same mail/password for fansite forums and for your games, you DESERVE to be hacked.

I don't think I "DESERVED" to get hacked and I'm not looking for a pitty party.  I'm simply pointing out a very obvious connection that should be looked into.

 

People on this site are pretty vicious

 

You brag about your expertise (allthough obviously lying), then do a noobish thing like that. Yes, you deserved it.

Kyleran

One never should admit weakness on MMORPG.COM forums, the sharks smell blood and circle in for the kill. Sounds like the OP was correct though, his email may have been hacked off the site.

cnutemp

The CISSP is the epitome of a paper weight do-nothing cert.  Not sure how or why there are so many IA jobs these days, the profession is basically a glorified checklist that will eventually get replaced by either the DISA gold disk or retina.

Nadia

Originally posted by Kyleran
One never should admit weakness on MMORPG.COM forums, the sharks smell blood and circle in for the kill. Sounds like the OP was correct though, his email may have been hacked off the site.

made me smile

The_Korrigan

Originally posted by fat_taddler

Originally posted by The_Korrigan

I'm Bill Gates himself, this is my hidden personality.

True story.

This said, yes, if you use the same mail/password for fansite forums and for your games, you DESERVE to be hacked.

I don't think I "DESERVED" to get hacked and I'm not looking for a pitty party.  I'm simply pointing out a very obvious connection that should be looked into.

 

People on this site are pretty vicious

I'm not vicious at all. If you use the same emails/passwords for random forums and for your games, you make it easier for hackers. A "CISSP certified, Director of Information Technology" should know this I think.

I'm just a software engineer playing video games for like 30+ years and online games for like 20 years, and who NEVER got hacked... ;-)

fat_taddler

Originally posted by Hexcaliber

Reading through your "story" for this is all it is, it is clear you are not in fact a director of information technology for some unmentionable financial company.

If you were, you would be well aware the majority of virus checker modules do nothing more than prey on the insecurities and pockets of the ill-informed.

For your edification, in order to provide adequate system security, all you need do is schedule a virus scan of your hard drive once a month at most, even a free online scan service will suffice. Combine this with regular system updates and the addition of an up to date script blocker for your browser of choice and this will provide all the data security an average user will ever need. If you are behind a router as are most users nowadays, you are even more secure.

However, if you regularly download pirate software from illegal sources and visit sites offering the same, you will need a little more protection, but not much more, perhaps the addition of a package to protect from malware set to scan once a week. If you feel happier about your computers security paying yearly license fees for virus software, by all means feel free. On the other hand, assuming you use an modern MS OS, Microsoft security Essentials is more than adequate and it is free.

Finally, were you employed in the type of position you claim, you would have had enough intelligence to contact mmorpg.com privately, instead of trying to create some trivial scandal in their forums, as starting this thread serves no useful purpose whatsoever.

I find your reply fairly amusing and really unnecessary.   I gain nothing by creating a "story" and my post was submitted on the public forums to inform both the mods as well as other players.

Considering that I use a specific email address only for gaming and had not used that password for in conjunction with it on any fan sites except this one over two years ago.  I do not see any reason why that would discredit me.   I also do not download any pirated software as you seem to incinuate.

If you think my post is BS then why even take the time to reply to it.

fat_taddler

Originally posted by The_Korrigan

Originally posted by fat_taddler

Originally posted by The_Korrigan

I'm Bill Gates himself, this is my hidden personality.

True story.

This said, yes, if you use the same mail/password for fansite forums and for your games, you DESERVE to be hacked.

I don't think I "DESERVED" to get hacked and I'm not looking for a pitty party.  I'm simply pointing out a very obvious connection that should be looked into.

 

People on this site are pretty vicious

I'm not vicious at all. If you use the same emails/passwords for random forums and for your games, you make it easier for hackers. A "CISSP certified, Director of Information Technology" should know this I think.

I'm just a software engineer playing video games for like 30+ years and online games for like 20 years, and who NEVER got hacked... ;-)

I happened to use a password that I hadn't used in over two years with a particular game.   Mind you I play many MMO's and do not carry the same password across them.  I recycle a password used on one website over two years ago (without realizing) and suddenly all of my credibility is out the window? 

I'm having trouble understanding why people would attack me and claim I'm lying when I'm simply trying to infom people that these types of hacks are real and can happen to anyone.  At the same time, I decided to point out a very suspicious coincedence which I discovered regarding this website which was actually verfied by a MMORPG.com employee in this thread.

Tymoris

I'll point out that I have received that particular email in both of my email accounts, one of them is not tied with the game. So I am not sure really what to think of that.

fat_taddler

Originally posted by cnutemp
The CISSP is the epitome of a paper weight do-nothing cert.  Not sure how or why there are so many IA jobs these days, the profession is basically a glorified checklist that will eventually get replaced by either the DISA gold disk or retina.

Maybe I should have left out my credentials, didn't realize how angry people would get about a post from someone with an actual career.

 

I simply put that info in to demonstrate that 1) this can happen to anyone and 2) that I don't need a lecture about user account security.  Some may disagree on point 2 but to completey discredit me and the hard work I've put into my career seems unneceassry

Banquetto

---

Originally posted by Lukain
 You almost had me, but then you say this. Never, Never, Ever, use a password for more than 1 account, silly.

This can be somewhat infeasible  , take myself  I am a member of at least 70 forums , have accounts to 10+ MMO & then you have things like Steam -youtube-skype  I could go on & on  so there is know what I could have 100+ different password  it would drive me insane

---

You can use the same password for all the crappy forums. Just don't use that password for anything important as well.

That's my setup. One password for all the websites and forums and other such unimportant crap; and then separate unique passwords for everything important. Separate email addresses also (I have a domain name registered so I can use as many addresses as I like at that domain).

mf16

Originally posted by fat_taddler

Originally posted by The_Korrigan

Originally posted by fat_taddler

Originally posted by The_Korrigan

I'm Bill Gates himself, this is my hidden personality.

True story.

This said, yes, if you use the same mail/password for fansite forums and for your games, you DESERVE to be hacked.

I don't think I "DESERVED" to get hacked and I'm not looking for a pitty party.  I'm simply pointing out a very obvious connection that should be looked into.

 

People on this site are pretty vicious

I'm not vicious at all. If you use the same emails/passwords for random forums and for your games, you make it easier for hackers. A "CISSP certified, Director of Information Technology" should know this I think.

I'm just a software engineer playing video games for like 30+ years and online games for like 20 years, and who NEVER got hacked... ;-)

I happened to use a password that I hadn't used in over two years with a particular game.   Mind you I play many MMO's and do not carry the same password across them.  I recycle a password used on one website over two years ago (without realizing) and suddenly all of my credibility is out the window? 

I'm having trouble understanding why people would attack me and claim I'm lying when I'm simply trying to infom people that these types of hacks are real and can happen to anyone.  At the same time, I decided to point out a very suspicious coincedence which I discovered regarding this website which was actually verfied by a MMORPG.com employee in this thread.

Probably because its GW2 post it in TOR forums and then you would've been popular, either way i think it's Anet but thats me I had a GW1 acct that i play GW2 beta with and it got hacked on release day, yes i got the emails i just deleted them but got curious checked my GW1 acct and yeap it was stolen but i don't care i haven't played gw1 in forever and i only used that password for GW1. The only thing it did was make me wait to buy GW2 until all this dies down and Anet gets a hold of the situation.

Ignore the people I doubt it was MMORPG.com unless it was 2010 they got your info but i find it more likely Anet has a hole its possible it happens to alot of companies good and bad its not impossible people nd NO ONE deserves to get hacked except the people who say it. If anyone is to blame its the hackers.

Amjoco

Originally posted by Kyleran
One never should admit weakness on MMORPG.COM forums, the sharks smell blood and circle in for the kill. Sounds like the OP was correct though, his email may have been hacked off the site.

Yes! Nerds with huge sharp pointy teethe!

oscarian

There's another place your email address would be recorded - in the GW2 database.  Given the massive number of other compromised account reports I'm seeing, I can only suggest this is the more likely cause of your GW2 account being compromised.  But that only leaves a couple of possibilities, the GW2 DB has a security hole, a backdoor, or someone is working on the inside to distribute brute-force crack-attack hashes and usernames.  Or somesuch scenario as these.

 

Less likely that the umpteen accounts being compromised came from mined email/brute-force combo attacks.

 

/O

fat_taddler

Thanks to anyone who didn't bash me.  Honestly, I discovered a possible account issue related to this website and just wanted to inform my fellow MMO players

 

If I came across as a dick for including my credentials, I do apologize.  I never intended to offend anyone, just wanted those parties interested to know that I have some sort of credibility in the field of IT security and support.