Quantcast

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Data Breach at Mortal Online, Star Vault. All shop & forum accounts compromised

GruntyGrunty Member EpicPosts: 8,657
edited July 2018 in Mortal Online
Passwords were stored using MD5 hash.


https://blog.dehashed.com/star-vault-mortal-online-hacked/

"Data breach notification

On June 17th, 2018 we were notified that our databases might have been breached.

At that time, we cut access to the website from the outside and started an investigation.
We brought in an external person to look into what happened, and today we sadly must tell you that we have indeed been breached.
An unauthorized third party gained database access to one of our servers containing the shop and forum databases.
We immediately started working on fixing the vulnerabilities in the website to stop this from happening in the future.

We do not store any credit card information on our servers so that information is still completely safe.
The breach has been reported to the authorities, and collected logs have been sent to the police.

If you used a password on the forums or in the shop that you use on other sites, then change them immediately!
We also recommend that you change your account passwords.

If you have further questions, send us an email at info@starvault.se"

"I used to think the worst thing in life was to be all alone.  It's not.  The worst thing in life is to end up with people who make you feel all alone."  Robin Williams

Comments

  • QuizzicalQuizzical Member LegendaryPosts: 22,370
    This is the third time they've been breached, and they're still only using MD5 and no salt?  That's basically a case of not caring about user data.
    [Deleted User]
  • TillerTiller Member EpicPosts: 8,983

    SWG Bloodfin vet
    Elder Jedi/Elder Bounty Hunter
     
  • QuizzicalQuizzical Member LegendaryPosts: 22,370
    Quizzical said:
    This is the third time they've been breached, and they're still only using MD5 and no salt?  That's basically a case of not caring about user data.
    Who the fuck still uses MD5, lol?
    The problem isn't so much MD5 as compared to SHA2 or SHA3.  The two glaring problems are:

    1)  MD5 runs very, very fast.  You can do several billion MD5 hashes per second on an ordinary video card.  Allowing an attacker to check several billion passwords per second on cheap hardware is just too much.
    2)  There's no mention of a salt, and if they didn't salt the passwords, then you can hash a password once and see if anyone in the entire database used the password.

    The quick and dirty fix is:
    1)  Put that MD5 in a for loop and do hundreds of thousands of iterations of it.
    2)  Salt your passwords so that if two people use the same password, they get different hashes.

    That alone isn't enough to make for great security.  But it does mean that after a breach, someone trying to steal user passwords has to do literally billions of times as much work to crack as many passwords as what it would take with minimal security they apparently used.
  • UngoodUngood Member EpicPosts: 4,507
    Isn't Mortal Online like a Dead Game, with less then 1K users? Who would waste time trying to hack that?
    Egotism is the anesthetic that dullens the pain of stupidity, this is why when I try to beat my head against the stupidity of other people, I only hurt myself.
  • TheScavengerTheScavenger Member EpicPosts: 3,321
    Ungood said:
    Isn't Mortal Online like a Dead Game, with less then 1K users? Who would waste time trying to hack that?
    low hanging fruit

    My Skyrim, Fallout 4, Starbound and WoW + other game mods at MODDB: 

    https://www.moddb.com/mods/skyrim-anime-overhaul



  • KyleranKyleran Member LegendaryPosts: 36,636
    Ungood said:
    Isn't Mortal Online like a Dead Game, with less then 1K users? Who would waste time trying to hack that?
    Most likely someone from their own playerbase.

    ;)
    Dakeru

    "See normal people, I'm not one of them" | G-Easy & Big Sean

    "I need to finish" - Christian Wolff: The Accountant

    Just trying to live long enough to play a new, released MMORPG, playing FO76 at the moment.

    Fools find no pleasure in understanding, but delight in airing their own opinions. Pvbs 18:2, NIV

    Don't just play games, inhabit virtual worlds™

    "This is the most intelligent, well qualified and articulate response to a post I have ever seen on these forums. It's a shame most people here won't have the attention span to read past the second line." - Anon






Sign In or Register to comment.