333 ответов в этой теме

[Chairon de Celeste]

GalldorLarys wrote...

Lately, there's been a group that is acting often, lulzsec. They are often stealing account information and such, i'm wondering if it's not them. They've been targeting game developpers often lately, some of their latest target includes Bethesda.

Ah yes, the 'tout' attack. Well I doubt they'll exist much longer after their denial of service attack
on cia.gov....

[Mulluns]

Didn't get an Email, but still changed my stuff none the less. This is getting silly, these attacks.

[Prior_Spuds]

 Really is getting to the point that we should simply declare "Open Season" on these clods! 

[ShadowStar83]

I didn't get an e-mail, so I'm assuming I'm fine...but I changed my password just for my own peace of mind.

[BellaStrega]

I look forward to seeing the CD key situation resolved.

[-Maxx-]

Hey guys, I'm in trouble while accessing http://accounts.bioware.com/ because I get redirected to http://www.bioware.com/ , so I can't access to my other account precluding me to recover my Bring Down The Sky Key and change the password.

What shall I do?

[Elementarteilchen]

Bioware shut the old NWN Forum down, so you probably can't do anything at the moment.

Сообщение изменено: Elementarteilchen, 17 Июнь 2011 - 10:41 .

[Omegaaa]

As it seems like the average IQ here seems to be below average, let me explain it for you, cracking games, cracking passwords, cracking websites, is a game of intelligence, it's mostly done for fun and to make others see how intelligent they are, if they can get passed some big companies security, then they win bragging rights and show off what they've done, look at lulzsec, they do a great job at what they do, they also didn't release the bethadas information because they actually like that company, and helped them become more secure, I hope you all know how hard it would be to actually track these people down, they're having fun with this game, and I rather enjoy seeing who they can outsmart next.

[Baaleos]

Omegaaa wrote...

As it seems like the average IQ here seems to be below average, let me explain it for you, cracking games, cracking passwords, cracking websites, is a game of intelligence, it's mostly done for fun and to make others see how intelligent they are, if they can get passed some big companies security, then they win bragging rights and show off what they've done, look at lulzsec, they do a great job at what they do, they also didn't release the bethadas information because they actually like that company, and helped them become more secure, I hope you all know how hard it would be to actually track these people down, they're having fun with this game, and I rather enjoy seeing who they can outsmart next.

But the truth is,
Cracking websites isnt that hard.

Social Engineering - Getting to know someone, so you can guess the password. Sometimes faster, but not as assured ot succeed.

Brute Force - No Effort needed, just turn it on, and leave it running, and it will get the password eventually, even if it takes a few years. Most websites protect against this via blocking an IP / Connection after x failed attempts.


Exploits - Common exploits involve guessing folder paths inside a web directory, and trying to get access to them, if the web developers havent put a blank index.php or some sort of .htaccess file in a folder, then the folders structure and contents are visible for all to see. Often, this can lead to the hackers getting into a config folder, looking at config.php's  and getting database connection info.
(Heck, you can even get into .forumer.com  protected forum pages, just by modifying the URL.)


The other things that lulzsec and Anonymous have been doing, is using loic (Low Orbit Ion Cannon), to bring websites offline.

This isnt a sign of superiority, or inteligence.
Infact, its easily tracable right to the address of the person who initiated the loic attack. (20+ People from Europe have been arrested this week alone for using it in Turkey and Spain)

All it does, is disallow access to the website, by people who want to access it.
The website is usually only inaccessible during the time that the attack is on-going, unless script issues get caused by the connectivity issue.

eg- WebServer 1 is under attack, but needs to contact Database Server 2 hosted off site...
Lack of connection might cause a script on WebServer 1 to run indefinitely, or to fail.


I will give Kudo's to Lulzsec for the Sony attack, even though I was affected by it, because Sony should have known better than to be storing our details in plaintext.
I have this image of some wee hacker, in my mind, and he browses into a directory, and see's a text file called
"PERSONAL_DATA.txt" and it happens to be like 1GB in size.

I then have this image in my mind, of the wee hacker, dragging this file onto his PC, and copying it, which takes about 3 hours....
And during this time, Sony Staff are having a tea break or watching the weather....

Completely hate Sony's Guts right now.

LulzSec seems to be on a crusade to force the game companies to tighten their security.

[BadPixie]

I *didn't* get an email from BioWare. Two days ago however I got an odd email from Blizzard about a WoW account being closed because it was being used for selling gold. I cancelled this account maybe 4 months ago and stopped paying a subscription so assumed it was closed. I replied and explained the situation and they looked into things and said that it looked like my account details had been compromised elsewhere and used. The only other thing I used the same login and password for is the BioWare NWN forums and my in game NWN account. I suspect this might not be a coincidence. I just hope my CD keys haven't been compromised also as they're kind of hard to replace.

[DragonRageGT]

BadPixie wrote...

I *didn't* get an email from BioWare. Two days ago however I got an odd email from Blizzard about a WoW account being closed because it was being used for selling gold. I cancelled this account maybe 4 months ago and stopped paying a subscription so assumed it was closed. I replied and explained the situation and they looked into things and said that it looked like my account details had been compromised elsewhere and used. The only other thing I used the same login and password for is the BioWare NWN forums and my in game NWN account. I suspect this might not be a coincidence. I just hope my CD keys haven't been compromised also as they're kind of hard to replace.

That Blizzard email is a fake... old fake scam.  I don't even have a WoW account and I always receive them! Just delete it!

I'm really concerned about my CD keys stored in the old NWN website. And my password there is different from here but now when I try to login with the old password it sends me here!  And I can't even change it? When are those forums coming back? (hmm... the old Neverwinter Nights: Welcome to BioWare's Neverwinter Nights (NWN) Community Site! is no more. It redirects to www.bioware.com and whatever b/s we enter in the login box there while already logged here will send us here...

PS.: This is in a different thread:

Update to NWN Forum Hack

Сообщение изменено: RageGT, 17 Июнь 2011 - 04:34 .

[fchopin]

It seems to be happening on many game forums, just got an email from SEGA.

Dear Fchopin,
As you may be aware, the SEGA Pass system has been offline since yesterday, Thursday 16 June.

Over the last 24 hours we have identified that unauthorised entry was gained to our SEGA Pass database.

We immediately took the appropriate action to protect our consumers’ data and isolate the location of the breach. We have launched an investigation into the extent of the breach of our public systems.

We have identified that a subset of SEGA Pass members emails addresses, dates of birth and encrypted passwords were obtained. To stress, none of the passwords obtained were stored in plain text.

Please note that no personal payment information was stored by SEGA as we use external payment providers, meaning your payment details were not at risk from this intrusion.

If you use the same login information for other websites and/or services as you do for SEGA Pass, you should change that information immediately.

We have also reset your password and all access to SEGA Pass has been temporarily suspended.

Additionally we recommend you please take extra caution if you should receive suspicious emails that ask for personal or sensitive information.

Therefore please do not attempt to login to SEGA Pass at present, we will communicate when the service becomes available.

We sincerely apologise for this incident and regret any inconvenience caused.

We are contacting all our members with these recommendations.

[BadPixie]

RageGT wrote...

BadPixie wrote...

I *didn't* get an email from BioWare. Two days ago however I got an odd email from Blizzard about a WoW account being closed because it was being used for selling gold. I cancelled this account maybe 4 months ago and stopped paying a subscription so assumed it was closed. I replied and explained the situation and they looked into things and said that it looked like my account details had been compromised elsewhere and used. The only other thing I used the same login and password for is the BioWare NWN forums and my in game NWN account. I suspect this might not be a coincidence. I just hope my CD keys haven't been compromised also as they're kind of hard to replace.

That Blizzard email is a fake... old fake scam.  I don't even have a WoW account and I always receive them! Just delete it!

Nope, not a fake. I can read SMTP headers which show that the last hop sending server was mx21.blizzard.com ([80.239.168.107]). Plus I sent a reply mail directly to WoWAccountReviewEU@blizzard.com who confirmed the problem as described above. Also hackers don't usually send follow up customer satisfaction survey posts from donotreply@blizzard.com

So either a massive coincidence or the two things are linked.

[Chris Priestly]

In case people have missed it, Aaryn Flynn as posted an update on this issue.

[Lazlopig]

Interesting. I registered my NWN products but at a time when I was reluctant to give out an email address. So long ago, I can't remember. I had an EA account as well, which was pretty much useless.

They claim in the EA answers section that only 18,000 accounts stored on a server in Edmonton were affected. Sounds fishy. Here is a link:

http://support.ea.co...etail/a_id/5367

And these game site hackers are not trying to be annoying. They are criminals after credit card and biographical info to steal identities and perpetrate future frauds. Video game sites are just a soft target to them.

[Chris Priestly]

Aaryn has posted a new update. Please see the original post for details.

[xmunitalp]

I just got this email, I honestly don't recall making a NWN forum account. So those emailed today also had account info stolen? or was I part of the 18k???

[Nizzemancer-1]

Ok seriously? I just got an email about this 22 minutes ago...Thanks for the super fast warning bioware...Not like I might want to change my passwords or anything fast if I suspect they might be compromised or anything...<_<

Not feeling the <3 here.

[Longbot]

I received this email. Here is some MUCH needed advice for any company when sending out these emails since the first thing people do in phishing emails is CLICK THE LINKS EMBEDDED IN THE EMAIL. I did several searches to determine if this email was legitimate.

From the FAQ regarding this problem:

Q: What should I do to protect myself?

A: You should be vigilant about any emails you receive that may appear to be legitimate but are actually intended to get you to:

•     Provide sensitive personal information (e.g., credit card or bank
account numbers, SSN’s, etc.): Click on links in the body of the message
that lead to websites asking you to login or to enter

Your email to "safeguard my information" runs exactly counter to what anyone should do in this situation: click on any links in the email.

Even your own FAQ tells you to not click on the links that want personal information, like, I don't know, my login info that the email links are asking for?

If I'm coming off as condescending that's because I am. This is dialup era identity protection.

[Maera Imrov]

xmunitalp wrote...

I just got this email, I honestly don't recall making a NWN forum account. So those emailed today also had account info stolen? or was I part of the 18k???

This. So far as I can recall, I don't remember making a NWN account, and while I own the game (bought it off GoG) and have the keys, I've never tried to go online with them to make/need said account. I pretty much played through HotU to see Valen and that was about it.

If it was the entire old Bioware boards (as in the KotOR 1 and whatnot) I stopped using that login and pass so long ago I don't even remember it, but it wasn't tied to the email I got this email in. So are they just sending it to everyone w/ an EA account now out of an abundance of caution?

[Enko63]

I agree with Longbot. My initial reaction when I got the email (6 minutes ago) was that it was a weak attempt to phish my account. I don't know if it was a coincidence but I got the email right after closing the window to Bioware's The Old Republic site. The timing seemed weird to me. I'm also wondering how big the breach was as I never played Neverwinter Nights.

If you ever need people to change their passwords, you might just want to send them to the website to change the password instead of providing a link in an email. I changed mine by going directly to the site and requesting a password change instead of through the link sent by Aaryn Flynn. I really hope this isn't the normal GM behavior we can expect from Bioware.

[LatentAlchemy]

Hello, and thank you for your response in regards to account security but the recent password reset of potentially affeccted accounts has caused a problem for me. My original EA/Bioware account was created quite a while ago and I have since lost access to the account it was created with. I have no way to recover access to my account since the reset information was sent to the dead address and had to create this new account to to be able to access the forums or EA's contact page. Who should I contact to rectify this or is it even possible since I've lost access to the old email and it was the account identifier?

Сообщение изменено: LatentAlchemy, 24 Июнь 2011 - 02:59 .

[rogershoe]

Got the e-mail as well. Lame as hell. So is EA going to give some kind of freebie to make up for potentially giving away our information? Sony did it and it's the least EA could do (in addition to making sure it isn't stolen again).

[dkwroot]

Well, my account is compromised and so is my email and credit card info connected to that! Wonderful!!!! Now I get to spend the next couple of days trying to clean up this mess...

[WilliamDecker]

I have a certain amount of reluctance in handing over a lot of information these days as many have discovered. It has become requirements to register any amount of information to ensure customer service for companies products. As such it is entirely Biowares responsibility to maintain the security of this data, or not request any of it to begin with.