Howdy, Stranger!
It looks like you're new here. If you want to get involved, click one of these buttons!
Quick Links
General: Symantec: 44 Million Stolen Gaming Credentials Uncovered
MikeB
Community ManagerAdministrator RarePosts: 6,555
Symantec, the largest maker of PC security software, have uncovered a server hosting 44 million stolen gamer credentials, according to the official Symantec blog.
From the Symantec blog:
In previous blogs, Symantec has highlighted threats that steal user data. We recently analyzed a new sample submitted to Symantec and came across a server hosting the credentials of 44 million stolen gaming accounts. What was interesting about this threat wasn’t just the sheer number of stolen accounts, but that the accounts were being validated by a Trojan distributed to compromised computers. Symantec detects this threat as Trojan.Loginck.
This particular database server we uncovered seems very much to be the heart of the operation—part of a distributed password checker aimed at Chinese gaming websites. The stolen login credentials are not just from particular online games, but also include user login accounts associated with sites that host a variety of online games. In both cases the accounts contained in the database have been obtained from other sources, most likely using malware with information-stealing capabilities, such as Infostealer.Gampass.
So how many accounts of popular MMOs are in the database? Symantec estimates roughly 210,000 World of Warcraft accounts, 60,000 Aion accounts, 2 million PlayNC master accounts, and 16 million Wayi Entertainment accounts. Wow!
Check out the full blog entry here for additional details.
[Thanks Christopher8 for the tip!]
Comments
wow... Just WOW!
It's scary that there are so many compromised accounts in one database. It makes you wonder how many more of these mega-monsters are out there
This is just insane. FORTY-FOUR MILLION? Talk about identity theft on a large scale... that's just crazy numbers. The mind can't fathom that multitude.
Edit: I really hope more is done after having found this database. Ie: legal action. Find out who built the database, and all responsible parties involved.
That is exactly right, and we're not saying NO to save WoW, because it is already a lost cause. We are saying NO to dissuade the next group of greedy suits who decide to emulate Blizzard and Cryptic, etc.
We can prevent some of the future games from spewing this crap, but the sooner we start saying no, the better the results will be.
So - Stand up, pull up your pants, and walk away.
- MMO_Doubter
And these were pretty much only Chinese accounts (judging from the article).
Amazing.
"If all you can say is... "It's awful, it's not innovative, it's ugly, it's blah.." Then you're an unimaginative and unpolished excuse for human life" -eburn
Ouch! My credentials!!!
I suspected such things were going on when I got a "Phishing" email trying to get my WOW account info. The email said pretty much the same things they say when phishing for bank accounts. "There has been problem with your account.." etc, and wanting me to "verify" all of my login data for WOW.
Never pays to be too suspicious these days...
My WoW account got hacked along with like, a few hundred thousand other WoW people.
I wouldn't be surprised if my account was in there with the others. Or somewhere else, at least, my old account details.
I am playing EVE and it's alright... level V skills are a bit much.
You all need to learn to spell.
So now we have it. The reality of goal farming. Siphon and account for some spare change, move on wash rinse repeat.
I guess its easier to farm gold from player accounts rather than in game.
"True friends stab you in the front." | Oscar Wilde
"I need to finish" - Christian Wolff: The Accountant
Just trying to live long enough to play a new, released MMORPG, playing New Worlds atm
Fools find no pleasure in understanding but delight in airing their own opinions. Pvbs 18:2, NIV
Don't just play games, inhabit virtual worlds™
"This is the most intelligent, well qualified and articulate response to a post I have ever seen on these forums. It's a shame most people here won't have the attention span to read past the second line." - Anon
yea well thats is how gold is farmed through compromised accounts. That way if the account is banded for gold farming they just get antoher and move on. The real victim is the person who's account is hacked.
good for symantic that they found this, now if they can find the jerks who are stealing account in the us.
Sorry Mike, but I think I beat you to it with that little tidbit of news
Yep, I'm one of them. Got hacked 7 months after I QUIT. Funnily enough, none of my more recent game accounts got hacked, and there were no trojans/viruses on my PC. Hmmm...
At least now I know where my old info ended up. There's probably hundreds, if not thousands, more servers like this one out there though. Scary thought.
I bet good money my PlayNC account, which was hacked, is in there.
My gaming blog
Problem is that too many people use easily guessed passwords. PC security is crap and you can blame all the operating system companies for not improving their lax security.
I change my gaming passwords every other month (6 times a year) I generate them and remember them using Roboform Pro.
Example here is my previous AOC password 9ywrD8qf Previous in that I changed it this morning.
As far as I know my accounts have never been hacked although I did once have a credit card cloned that I had NEVER USED (it was in my safe) indicating that sometimes these details are stolen from the company rather than from the customer.
I used to visit this site a lot however in recent years it has become the home of negative forum posts, illogical opinions and tantrums so I visit less often.
Played or Beta'd: UO / DAOC / Horizons / EQ2 / DDO / EVE / Archlord / PirateKingsOnline / Tabula Rasa / LOTRO / AOC / Champions / Darkfall / Mortal Online / DCUO / Rift / STO / SWTOR / TSW
Two Things:
First, I doubt Symantec actually discovered these, this entire article raise my red flag of balogna. Labeled anti-virus programs are a scam, I have spent years testing and experimenting with these programs and they make you 'more' vulnerable not safer. So I'm skeptical.
Second, the thing that isn't mentioned and would never be mentioned is that many of these hackers get people server side, that is, on the hosting server. Guess what? Most of those major server farms utilize some kind of major anti-virus program which, to me, is already compromised.
So, I don't believe Symantec found anything, I think someone else did, I don't believe your password strength is relevant, you should be changing it once a month anyway without exception, I don't believe people realize what a scam anti-virus programs are. I am virus free for 4 years since I built this turkey I'm using. It's all about knowledge and a deterring methodology.
This is just crazy, i hope they keep searching for other perps...this can't be the only server diong this. It's kinda scary because you always think 'Well that wont happen to me,' but 44 MILLION?! that is a lot!
Mike, no offense, but y'all are behind the power curve on this one.
This article's been on my guild forums for three days now.
Firebrand Art
"You are obviously confusing a mature rating with actual maturity." -Asherman
Maybe MMO is not your genre, go play Modern Warfare...or something you can be all twitchy...and rank up all night. This is seriously getting tired. -Ranyr
Boy that's a lot of stolen information! I don't know if I should be happy to read they discovered this or scared, probably a bit of both. I can't beleive that there is so much money tied to stealing account information. They really ought to start treating this sort of hacking like they would identity theft, financial server hacking, or even kiddie pron sites and start prosecuting anyone they can find....if they an find them that is.
If they happen to find my hacked WoW account, they can feel free to keep it. Best thing that ever happened.
-Letting Derek Smart work on your game is like letting Osama bin Laden work in the White House. Something will burn.-
-And on the 8th day, man created God.-
Actually, if you recieved an email on this, it's random. People that don't even play WoW get those emails. I recieved one for Aion and I've never even tried it. The best thing to do with that type of email is report it as spam. If you got it in game, Blizzard recommends immediately right clicking the name and select "Report Spam". Not only does it place the name on auto ignore, it also immediately flags the account for Blizzard's attention.
Blizzard also states that ANY communication they have with you will be headed by the blue blizzard logo and any emails will come from either Blizzard or Battle-net. Paying attention to the names and return addresses from these spammers and thier emails or mails and thier bad engrish will tell you whether it's spam/phishing/scam or not. And like the loading screen tip says: a real Blizzard employee will NEVER ask you for your password.
This kinda gives me a laugh, because people are like its the company's fault!!! My computer is good, i didn't click on anything or buy gold or etc...
I guess this would explain how come I lost my account on World of War Craft when they said I was cheating when I did not have an active account for more then 6 months when this was happing and had not logged in for over 6 months. I told them they should make sure my account info was save. It ended up costing me all the money I spent on software all the time I had spent in the game. I was not a happy person and that ended with me stopping playing WOW because I can not make sure my account info was save.
Blizzard is in league with gold farmers to try and make you buy their security software and authenticator, thus spending even more money on their game. They tell you when you're hacked that you are playing on unsecure servers but they can provide security to you if you pay them more. [straight from EVERY customer support email concerning security: "our Blizzard Authenticator is one of the best ways to keep the World of Warcraft account secure."] This is total bullshit, and WoW can go to hell for being criminals. None of the other games I play would ever stoop this low, and you know what? They're not plagued with gold farmers either, because they PROVIDE SECURE SERVERS AND DEAL WITH SECURITY BREACHES IF THEY EVER HAPPEN. Most of my games have even stopped in-game gold spam in chat and mail, yet WoW is nothing but a walking virus. I was hacked on WoW and it took forever to get all my characters reinstated and delete all the fake toons that were created, and even then, Blizzard didn't give me all my characters back until I remembered each and every toon name and asked for them specifically. Come on, morons, I know you have a fucking database!!! They would give me a handful and say that's all of them unless you remember any more we might have missed. They did this over and over trying to make me lose characters I might have forgotten about. Now I'm getting the same damn phishing messages again, but my account has been inactive forever, and all of my emails to gmsupport at blizzard concerning this recent possible compromise have gone UNANSWERED by Blizzard. They won't even fucking respond to me concerning getting hacked now because I don't have an active game account right now?!? This company is nothing but scum, and lower than SOE, which says EVERYTHING about how NOTHING they are.
They will never stop hackers..Unless they shut down the internet for good...
Some people rob you at gun point..Others will rob you at "Ball Point Pen"
I have a HUGE feeling that most of these passwords account information was stolen by players signing up for free servers to play on. I know of many free servers who steal your game info because players use same info from the retail game as free server and email. This makes it easy for them to send you a fake phishing email that many unsuspecting users clicked. To bad for these people not knowing but you must be careful if your going to download free server auto login exe programs or visit them.
This is why I tell people to stay away from free servers.