MMORPG.com Database Hacked??

Comments

  • FalcomithFalcomith Member UncommonPosts: 831

    The moral of the story is to keep forum passwords and game passwords different. Also, for each mmo game you own, make sure each has its own unique password.

    Now there's those people that have so many games and so many websites they visit that use passwords. So how does one keep track of them all and make sure you are not duplicating passwords and user names?

    Simple. Create a database using Excel or the like and store the info on it. But DO NOT SAVE THE FILE ON A PC. Store it on a thumb drive or a CD-RW. Keep it in a safe secure place in your home and never take it with you to work, a friend's house, etc. Also never keep the thumb drive or CD-RW with that file inserted in the PC unless you are using it to update or look up information.

    This will ensure that the file can't be accessed from an outside source. Only thing that may get a hold of your passwords at that point is if a keylogger or other malicious program sneaks on to your system.

    Note: Do not keep financial institution website (bank, stock market, retirement, or the like) user/password information in the file in case someone was to find that info, either through burglary or a nosy relative. In fact, you really should commit those to memory and also keep each with its own unique password and user name.

    When making passwords make sure they are long, use a combination of both capital and lower case letters, and use symbols and numbers.

     

  • cnutempcnutemp Member UncommonPosts: 230
    Originally posted by fat_taddler
    Originally posted by cnutemp
    The CISSP is the epitome of a paper weight do-nothing cert.  Not sure how or why there are so many IA jobs these days, the profession is basically a glorified checklist that will eventually get replaced by either the DISA gold disk or retina.

    Maybe I should have left out my credentials, didn't realize how angry people would get about a post from someone with an actual career.

     

    I simply put that info in to demonstrate that 1) this can happen to anyone and 2) that I don't need a lecture about user account security.  Some may disagree on point 2 but to completely discredit me and the hard work I've put into my career seems unnecessary

    IA isn't a career :p I can list 90% of your work with one url

    http://iase.disa.mil/stigs/

     

     

    edit - sorry if I'm coming off as a jerk, I just like having fun with IA people, you always make work harder for the engineers :(

  • GrayGhost79GrayGhost79 Member UncommonPosts: 4,775
    Originally posted by oscarian

    There's another place your email address would be recorded - in the GW2 database.  Given the massive number of other compromised account reports I'm seeing, I can only suggest this is the more likely cause of your GW2 account being compromised.  But that only leaves a couple of possibilities, the GW2 DB has a security hole, a backdoor, or someone is working on the inside to distribute brute-force crack-attack hashes and usernames.  Or somesuch scenario as these.

     

    Less likely that the umpteen accounts being compromised came from mined email/brute-force combo attacks.

     

    /O

    Actually the more likely scenario is that fansites and such have had their security compromised. The risk is minimal and the rewards turn out more often than not to be more than worth what little risk there is. Sites like MMORPG.com do not have your CC info or anything that would be considered sensitive. The only thing someone could gain would be an email address and passwords for this site. This means that a site like MMORPG.com uses adequate security measures for the type of information it's housing but not excessive security measures that would add unjustified financial burden on them.

    A company like NCsoft is not impervious to having its security compromised but there is a great more risk involved so most don't go that route and when they do they tend to go after credit card and more sensitive information. It's not very likely at all that they would go through the hassle of bypassing the level of security a company like NCsoft has for something as piddly as your user name and password. The reward simply does not justify the risk. If that's all they were going after and managed to get in then they are amateurs and if they are amateurs they wouldn't likely get in.

     

    Now if you go back and re-read this site actually did have its security compromised a few years ago. Curse... dear lord don't even get me started on that site lol. Many gaming sites, professionally done and fan based have been compromised over the years repeatedly. If you use a user/pass that you have used on those sites you are asking for your account to be taken and odds are it will eventually.

     

    Me personally I have an email for spam "Thank you for coming to our store, if you get our rewards card you will save money all we need is an email address!" they get my spam email. For general emails on sites like this I give them my standard address that I check for news and updates. For a game account every game warrants a new account. Then I have a private account for business purposes.

    I always use a new password when I set something up and I have a habit of changing them every 6 months.

     

    I am mildly paranoid when it comes to online security, this has kept me pretty safe over the years. 

     

     

  • fat_taddlerfat_taddler Member Posts: 286
    Originally posted by cnutemp
    Originally posted by fat_taddler
    Originally posted by cnutemp
    The CISSP is the epitome of a paper weight do-nothing cert.  Not sure how or why there are so many IA jobs these days, the profession is basically a glorified checklist that will eventually get replaced by either the DISA gold disk or retina.

    Maybe I should have left out my credentials, didn't realize how angry people would get about a post from someone with an actual career.

     

    I simply put that info in to demonstrate that 1) this can happen to anyone and 2) that I don't need a lecture about user account security.  Some may disagree on point 2 but to completely discredit me and the hard work I've put into my career seems unnecessary

    IA isn't a career :p I can list 90% of your work with one url

    http://iase.disa.mil/stigs/

     

     

    edit - sorry if I'm coming off as a jerk, I just like having fun with IA people, you always make work harder for the engineers :(

    Thanks for the absolutely useless post, hope you got off by writing it.   

     

    I'm actually enjoying the anger and resentment involved with me posting some basic credentials in a post.   I must have been totally naive not to realize that they would actually discredit me.   

     

    You can think I'm a lying, loser, janitor if it makes you feel better about yourself, I was simply trying to help my fellow MMO players.   

  • TymorisTymoris Member UncommonPosts: 158
    Originally posted by fat_taddler
    Originally posted by cnutemp
    Originally posted by fat_taddler
    Originally posted by cnutemp
    The CISSP is the epitome of a paper weight do-nothing cert.  Not sure how or why there are so many IA jobs these days, the profession is basically a glorified checklist that will eventually get replaced by either the DISA gold disk or retina.

    Maybe I should have left out my credentials, didn't realize how angry people would get about a post from someone with an actual career.

     

    I simply put that info in to demonstrate that 1) this can happen to anyone and 2) that I don't need a lecture about user account security.  Some may disagree on point 2 but to completely discredit me and the hard work I've put into my career seems unnecessary

    IA isn't a career :p I can list 90% of your work with one url

    http://iase.disa.mil/stigs/

     

     

    edit - sorry if I'm coming off as a jerk, I just like having fun with IA people, you always make work harder for the engineers :(

    Thanks for the absolutely useless post, hope you got off by writing it.   

     

    I'm actually enjoying the anger and resentment involved with me posting some basic credentials in a post.   I must have been totally naive not to realize that they would actually discredit me.   

     

    You can think I'm a lying, loser, janitor if it makes you feel better about yourself, I was simply trying to help my fellow MMO players.   

    "I understand the confusion. I never said that you are not good at what you do. It’s just that what you do is not worth doing."

    I'll let you guess from which series it is but that's the gist of the other posters:P

  • HensenLirosHensenLiros Member Posts: 461

    Doesn't MMORPG.com use password hash to sign in?

    I'm gonna freak out if they don't.

    Ultima Online 98~04
    Dark Age of Camelot 03~07
    Final Fantasy XI 04~06
    Guild Wars 05~08
    World of Warcraft 04~05
    Unsuccessful Tries: DFO/EQ2/DRaja/Rag/Req/RYL/9D/Cabal/KO/PSU/RF/GE/TO/TR/DDO/EVE/LoTRO/L2/RZ/SWG/VG

  • Four0SixFour0Six Member UncommonPosts: 1,175
    Originally posted by Lukain

     

     You almost had me, but then you say this.

    Never, Never, Ever, use a password for more than 1 account, silly.

    This can be somewhat infeasible, take myself: I am a member of at least 70 forums, have accounts to 10+ MMOs & then you have things like Steam - YouTube - Skype, I could go on & on, so there is no way I could have 100+ different passwords, it would drive me insane

     

    PS  - OP  I got the same Email - of course I just deleted it as I have nothing to do with Anet

     

     

     

     It is not infeasible at all. I write all of mine down in a notebook. I write them down because they are strings of random numbers and both lower and upper case letters. Then....place said notebook in the safe in my room. If you are willing to break into my house and steal my notebook, you win.

    Edit: Typo

  • xx19kilosoldxx19kilosold Member Posts: 209
    This site has had scripts try to run from flash in some of the advertisements.  I would tread very lightly when running around the third party websites in the gaming community.
  • JimmyYOJimmyYO Member UncommonPosts: 519
    You're not a legit IT guy if you used a password for an online forum for anything else. You would know these dinky gaming sites have little to no security whatsoever and can be hacked at will. I'm guessing you're data entry at best or your company has some serious security issues ahead of them....
  • Trudge34Trudge34 Member UncommonPosts: 392
    Originally posted by JimmyYO
    You're not a legit IT guy if you used a password for an online forum for anything else. You would know these dinky gaming sites have little to no security whatsoever and can be hacked at will. I'm guessing you're data entry at best or your company has some serious security issues ahead of them....

    Come on...posts like these make me laugh. I'm an IT professional as well and I don't use a unique password for every single site I visit either. That does not make what I do irrelevant, but I do the same with the sites I really don't care about getting hacked in using the same password. I laughed out loud at the person who dismissed the OP and then said any educated person knows you only have to run a virus scan once a month...our scans for our company are set at every 2 hours and every now and then stuff still can get through.  You don't need a virus for your password to be stolen, there are many other ways to do it. It's sad that the OP comes on with a legit concern and gets flamed for it, assuming his credentials are true which I have no doubt they are.

    Played: EQ1 (10 Years), Guild Wars, Rift, TERA
    Tried: EQ2, Vanguard, Lord of the Rings Online, Dungeons and Dragons Online, Runes of Magic and countless others...
    Currently Playing: GW2

    Nytlok Sylas
    80 Sylvari Ranger

  • ZiffnabZiffnab Member Posts: 10

    I happened to use a password that I hadn't used in over two years with a particular game.   Mind you I play many MMO's and do not carry the same password across them.  I recycle a password used on one website over two years ago (without realizing) and suddenly all of my credibility is out the window? 

    I'm having trouble understanding why people would attack me and claim I'm lying when I'm simply trying to inform people that these types of hacks are real and can happen to anyone.  At the same time, I decided to point out a very suspicious coincidence which I discovered regarding this website which was actually verified by an MMORPG.com employee in this thread.

     

    Ditto.  I have over 20 years of IT experience.  I started out as a unix admin and programmer back on SunOS and Digital Unix.  I have since moved into enterprise networking and security.  I currently manage the UC and Network Engineering teams for a large 10,000 node medical network, that I personally designed and stood up.

     

    If the OP's comments made the idiots on this forum mad for quoting off his credentials then I am sure my post will make them truly livid.

     

    What peeps do not seem to understand is that hackers have been harvesting and cross-referencing our accounts and passwords from MANY websites for years.  In other words it is not just one or two websites and games that failed you, but dozens if not more!
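
The reuse problem raised in this thread (keeping track of many accounts without duplicating passwords, and leaked credentials being cross-referenced across sites) can be audited against your own account list. The Python below is an added example, not part of any post in the thread; the site names, e-mail addresses and passwords are constructed sample data, and `fingerprint` and `exposure_report` are hypothetical helper names.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

# Constructed sample inventory (not real accounts): (site, login e-mail, password).
INVENTORY = [
    ("fan-forum.example", "gamer@mail.example", "Dragon!2010"),
    ("game-a.example", "Gamer@mail.example", "Dragon!2010"),
    ("game-b.example", "gamer@mail.example", "x7#Qp2-unique"),
    ("wiki.example", "other@mail.example", "Dragon!2010"),
    ("shop.example", "spam@mail.example", "k9$Lm4-unique"),
]


def fingerprint(key, email, password):
    """Keyed digest of an (e-mail, password) pair.

    Grouping on this digest instead of the plaintext means the lookup
    tables built below never hold a password in the clear. The e-mail is
    normalised because login e-mails are usually matched case-insensitively.
    """
    msg = email.strip().lower().encode() + b"\x00" + password.encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def exposure_report(inventory, breached_sites, key=None):
    """Return (rotate_now, rotate_soon) for a set of breached sites.

    rotate_now:  accounts that share BOTH e-mail and password with an
                 account on a breached site (a leaked pair logs straight in).
    rotate_soon: accounts that share only the password with a breached
                 account (exposed once the attacker tries other e-mails).
    """
    key = key or secrets.token_bytes(32)  # throwaway key, per run
    by_pair = defaultdict(set)
    by_password = defaultdict(set)
    for site, email, password in inventory:
        by_pair[fingerprint(key, email, password)].add(site)
        by_password[fingerprint(key, "", password)].add(site)

    rotate_now, rotate_soon = set(), set()
    for site, email, password in inventory:
        if site not in breached_sites:
            continue
        rotate_now |= by_pair[fingerprint(key, email, password)]
        rotate_soon |= by_password[fingerprint(key, "", password)]
    rotate_soon -= rotate_now
    return sorted(rotate_now), sorted(rotate_soon)


if __name__ == "__main__":
    now, soon = exposure_report(INVENTORY, {"fan-forum.example"})
    print("Change immediately:", ", ".join(now) or "none")
    print("Change next:       ", ", ".join(soon) or "none")
```

With the sample data, a breach of the forum exposes the game account that shares its e-mail and password, while the accounts with unique passwords are unaffected.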

  • Lord.BachusLord.Bachus Member RarePosts: 9,686

    Please move this post to the general gaming forums...

     

    I don't see a relationship to GW2

    Best MMO experiences : EQ(PvE), DAoC(PvP), WoW(total package) LOTRO (worldfeel) GW2 (Artstyle and animations and worlddesign) SWTOR (Story immersion) TSW (story) ESO (character advancement)

  • EvileEvile Member Posts: 534

    This just happened to me. I received that same email change notification, and now can't login to my account. I did NOT buy through MMORPG. My password was NOT the same.

    This is an issue with GW2 site, NOT MMORPG.

    WTF Arena net.


  • MMOExposedMMOExposed Member RarePosts: 7,396
    Originally posted by fat_taddler

    Let me start by saying that I am a CISSP certified, Director of Information Technology for a fairly large financial institution and am fully aware of the importance of account security and end user responsibility.

     

    For the first time, I received the infamous ANet email "someone - hopefully you (haha) changed the email address on this account"

     

    I was sincerely hoping that it was simply spam but when I got home today and attempted to log into GW2 I realized that I had in fact been hacked.

     

    Being an IT person who is very sensitive to risk exposure, you can imagine that my home PC is very fortified.  On top of that, I just bought a new rig that is only two weeks old so it's very clean.  I run the latest version of Kaspersky AV and have every protection component turned on.

     

    At my office, we have very robust security controls in place which are audited by a division of the government once a year and must pass strict penetration testing twice annually.  

     

    That being said, I think I can safely say that I was not the victim of a keylogger attack.

     

    Now for the kicker, the only email address I use for gaming is the one that was changed and the only other time I've ever used that password in conjunction with that email address was on this website about two years ago (not this account).  

     

    I like this website and use it frequently but I have to suspect at this point that it may have been compromised. 

     

    I'm certainly not saying this to be malicious towards the admins of MMORPG.com, only to inform them and other users of this site that there may have been a breach of one of the user account databases associated with this site.

     

    If you use the same email here as well as GW2, please be aware that there may be a significant risk that your account could be compromised.

     

    how old was that account on mmorpg.com that you believe was hacked?

    because a few months ago the site here was hacked.

    Philosophy of MMO Game Design

  • ConnmacartConnmacart Member UncommonPosts: 723
    Originally posted by Castillle
    Well...I use my mmorpg.com email account for GW2 and I didn't get any email like you said but then again I don't think I had this account in 2010..

    *Looks at join date, looks at person, looks at join date again* 

    Erm

  • frestonfreston Member UncommonPosts: 503

    What's the matter with you people?

    The OP has posted clearly in good faith, and with the intention of helping other people avoid what happened to him. First reaction was saying he was a liar and he was making everything up. Then an MMORPG administrator admits the story he is telling is probably truth (btw, MMORPG didn't inform us of that breach of security, bad for them). As we can't call him a liar anymore, we mock his job, his mistake and probably his football team if he has any.... Ofc he made a mistake....he is making it public for your benefit. I for one am thankful towards anyone who cares about my accounts not being hacked, so thank you OP.

     

  • rounnerrounner Member UncommonPosts: 725
    Originally posted by freston

    What's the matter with you people?

    The OP has posted clearly in good faith, and with the intention of helping other people avoid what happened to him. First reaction was saying he was a liar and he was making everything up. Then an MMORPG administrator admits the story he is telling is probably truth (btw, MMORPG didn't inform us of that breach of security, bad for them). As we can't call him a liar anymore, we mock his job, his mistake and probably his football team if he has any.... Ofc he made a mistake....he is making it public for your benefit. I for one am thankful towards anyone who cares about my accounts not being hacked, so thank you OP.

     

    It's his language. The things he says don't rate him as an IT security professional. There are plenty of cases of websites being breached, credit card numbers stolen and things a lot worse than a bit of game drama. Relying on SOHO anti malware for client protection is what most of us would do at home, but to hold it as a paragon of defense belies his inexperience.

  • frestonfreston Member UncommonPosts: 503
    Originally posted by rounner
    Originally posted by freston

    What's the matter with you people?

    The OP has posted clearly in good faith, and with the intention of helping other people avoid what happened to him. First reaction was saying he was a liar and he was making everything up. Then an MMORPG administrator admits the story he is telling is probably truth (btw, MMORPG didn't inform us of that breach of security, bad for them). As we can't call him a liar anymore, we mock his job, his mistake and probably his football team if he has any.... Ofc he made a mistake....he is making it public for your benefit. I for one am thankful towards anyone who cares about my accounts not being hacked, so thank you OP.

     

    It's his language. The things he says don't rate him as an IT security professional. There are plenty of cases of websites being breached, credit card numbers stolen and things a lot worse than a bit of game drama. Relying on SOHO anti malware for client protection is what most of us would do at home, but to hold it as a paragon of defense belies his inexperience.

    2 years ago I got in a discussion with a dick here on this site (he bragged about joining guilds, robbing their banks and leaving them). I called him a sociopath. He started joking about my "expert knowledge" and asked me if I learned a lot about sociopaths while I was flipping hamburgers. I made the mistake of telling him I've been a practicing clinical psychiatrist for 17 years so, yes, I had expert knowledge on the fact. Lots of people proceeded to demonstrate how I was lying: someone with that kind of studies couldn't make so many grammatical and spelling mistakes as I made. I was just making it all up. Fun fact is it was all true. I'm Spanish, English is a learned language for me and ofc I make mistakes when I write in it - don't be so hasty to play Sherlock on other forum members, you may just overdo it.

    MMORPG staff conceded that the facts he is stating are probably truth (they are consistent with the dates of a security breach they didn't make public). That's good enough for me.

  • Requiem1066Requiem1066 Member Posts: 274
    Originally posted by oscarian

    There's another place your email address would be recorded - in the GW2 database.  Given the massive number of other compromised account reports I'm seeing, I can only suggest this is the more likely cause of your GW2 account being compromised.  

    I dunno .. a GW2 gaming forums being hacked, both Yahoo and Nvidia being hacked (in July I believe), it's a lot of emails etc for people to try


  • AmanaAmana Moderator UncommonPosts: 3,912
    Originally posted by freston
     

    MMORPG staff conceded that the facts he is stating are probably truth (they are consistent with the dates of a security breach they didn't make public). That's good enough for me.

    Actually, it was stated that we did inform everyone back in 2010.

    To give feedback on moderation, contact [email protected]

  • NadiaNadia Member UncommonPosts: 11,798
    Originally posted by Requiem1066

    I dunno .. a GW2 gaming forums being hacked, both Yahoo and Nvidia being hacked (in July I believe), it's a lot of emails etc for people to try

    don't forget Blizzard being hacked

    could be 30 million+ emails  from players that ever played WOW, Starcraft 2, Diablo 3 or any battlenet game

    (Blizzard never gave numbers)

     

    http://us.blizzard.com/en-us/securityupdate.html

    Some data was illegally accessed, including a list of email addresses for global Battle.net users, outside of China.

  • frestonfreston Member UncommonPosts: 503
    Originally posted by Amana
    Originally posted by freston
     

    MMORPG staff conceded that the facts he is stating are probably truth (they are consistent with the dates of a security breach they didn't make public). That's good enough for me.

    Actually, it was stated that we did inform everyone back in 2010.

    If I got the facts wrong, I apologize

  • svandysvandy Member UncommonPosts: 277

    The hostility to the OP isn't really shocking. GW2 fans that haven't been hacked are up in arms anytime someone claims there is any reason other than people practically posting their password for all to see for these hacks.

    I am inclined to agree with the OP that MMORPG.com is a good candidate for how this happened as it's the only gaming website I go to and use the same email that I used for GW2.

    Please visit my youtube channel for some H1Z1/DayZ casual roleplay videos!


    https://www.youtube.com/channel/UCrQoK5VZlwBBzpsksmXtjMQ

  • itgrowlsitgrowls Member Posts: 2,951
    Originally posted by fat_taddler
    Originally posted by The_Korrigan

    I'm Bill Gates himself, this is my hidden personality.

    True story.

    This said, yes, if you use the same mail/password for fansite forums and for your games, you DESERVE to be hacked.

    I don't think I "DESERVED" to get hacked and I'm not looking for a pity party.  I'm simply pointing out a very obvious connection that should be looked into.

     

    People on this site are pretty vicious

    They are and those of us with common sense thank you for your posting this information. It's been said that people have had the suspicion that those hacked were using the same info on these type websites and the game. that's the best explanation i've heard so far as to how this is happening to so many people.

  • MikeBMikeB Community ManagerAdministrator RarePosts: 6,555

    This thread has run its course.

    Locking it up.

This discussion has been closed.