Jump to content

- - - - -

Dec 13Th Incident - Official Response


339 replies to this topic

#1 Bryan Ekman

    Creative Director

  • Administrators
  • 1,092 posts
  • Twitter: Link
  • LocationVancouver, BC

Posted 13 December 2012 - 04:14 PM

It has come to our attention that a vulnerability in our licensed forum software allowed a malicious redirect script to be injected.
  • This has been discovered and removed.
We understand that you are very concerned about your private information, including email addresses, passwords and credit card information.



We can confirm:
  • At no time were any databases containing personal information compromised. This includes e-mails and passwords.
  • PGI and IGP does not store, nor have access to any user credit card information.
  • Account passwords are encrypted, salted, peppered and stored in databases not affected by today’s incident.
Web and forum access to our site is now back to normal.



We’re sorry for any inconveniences this may have caused.

The MechWarrior Online Team

Edited by Kyle Polulak, 13 December 2012 - 07:52 PM.
S&P


#2 Zeno Scarborough

    Member

  • Members
  • PipPipPipPipPipPipPipPip
  • 1,195 posts

Posted 13 December 2012 - 04:16 PM

Cool

#3 Crazycajun

    Member

  • Legendary Founder
  • 354 posts
  • Facebook: Link
  • LocationLouisiana

Posted 13 December 2012 - 04:17 PM

10-4 big buddy ...

Now back to our regularly schedule mech destructing and killing sprees

#4 Pyrrho

    Member

  • Members
  • PipPipPipPipPipPipPip
  • 788 posts

Posted 13 December 2012 - 04:17 PM

Straight from the Ekman's mouth.

#5 Insidious Johnson

    Member

  • Legendary Founder
  • 2,389 posts
  • Location"This is Johnson, I'm cored"

Posted 13 December 2012 - 04:17 PM

Excellent turn around from start to end. Good job PGI. Now, about the rest of the bugs...

#6 Stone Wall

    Member

  • Veteran Founder
  • 834 posts
  • LocationSouth Carolina

Posted 13 December 2012 - 04:17 PM

PGI always on the ball.

#7 Bluten

    Member

  • Legendary Founder
  • 3,843 posts

Posted 13 December 2012 - 04:19 PM

If Emails weren't compromised, then how did someone send us that [Redacted] Windows 8 fail Email? Just curious.

View PostCrazycajun, on 13 December 2012 - 04:17 PM, said:

10-4 big buddy ...

Now back to our regularly schedule mech destructing and killing sprees


And forum trolling.

Edited by Niko Snow, 13 December 2012 - 06:09 PM.
And forum moderating.


#8 Dirk Le Daring

    Member

  • Legendary Founder
  • 1,539 posts
  • LocationAustralia

Posted 13 December 2012 - 04:20 PM

Good to read. Thanks for keeping us informed.

#9 Axeman1

    Member

  • Members
  • PipPipPipPipPipPip
  • 311 posts

Posted 13 December 2012 - 04:20 PM

I was going to buy MC but someone in another thread said their paypal was compromised after they did...

#10 Odins Fist

    Member

  • Members
  • PipPipPipPipPipPipPipPipPip
  • 2,642 posts
  • LocationThe North

Posted 13 December 2012 - 04:21 PM

Thank You...

#11 shabowie

    Member

  • Legendary Founder
  • 877 posts

Posted 13 December 2012 - 04:22 PM

View PostBluten, on 13 December 2012 - 04:19 PM, said:

If Emails weren't compromised, then how did someone send us that BS Windows 8 fail Email? Just curious.


I didn't receive that email.

#12 Stone Wall

    Member

  • Veteran Founder
  • 834 posts
  • LocationSouth Carolina

Posted 13 December 2012 - 04:22 PM

View PostAxeman1, on 13 December 2012 - 04:20 PM, said:

I was going to buy MC but someone in another thread said their paypal was compromised after they did...


people also call everything OP

#13 bug3at3r

    Member

  • Members
  • PipPipPipPipPipPip
  • 275 posts

Posted 13 December 2012 - 04:22 PM

I never got the email.

#14 xenoglyph

    Member

  • Members
  • PipPipPipPipPipPipPipPip
  • 1,480 posts
  • LocationSan Diego

Posted 13 December 2012 - 04:24 PM

Okay, so you're saying our emails were compromised by a script. How can we be sure our passwords weren't compromised as well? Also, it would be safe to assume that Moderator/Admin accounts had their auth cookies stolen during this time, potentially giving the attackers access to other things.

Why haven't you guys forced a password reset on all forum accounts since in game passwords are the same as forum passwords?

edit: I got the email on both of my forum accounts, including an account that hasn't logged on in WEEKS.

Edited by xenoglyph, 13 December 2012 - 04:24 PM.


#15 Myssi

    Member

  • Legendary Founder
  • 97 posts
  • LocationFinland

Posted 13 December 2012 - 04:27 PM

Well, these things can happen but I'm still a bit worried about possible future issues with databases or forum software.
Why don't we have the ability to change our passwords? Some people, like me, prefer to change all their passwords on certain times.
Nearly all other services I use give me the chance to switch my passwords if I so want to. Including things like Battlelog from EA, multiple MMO's and other forums. Why not here?
I'm sure I'm not the only one who wanted to change his password today, just to be sure.

Yeah yeah, call me paranoid but I don't take even the possibility of my login information leaking lightly.
I'm sure the encryption is good and does it's best to keep our information safe, but these things have been cracked and\or leaked before in the history if internets.
Why is there no external authenticator available, like one Blizzard offers for battle.net. Smart phone app that gives you a code that you need to input before you can log in? Or even the external authenticator dongle thingie they, and few other MMOs, used.

The authenticator might be a bit far fetched for a free-to-play title, but at least the ability to change the password would be nice. Or am I just so blind that I can't find it in the mwomercs page?

Edit; so apparently you can change your password with the 'forgot password' function as Ter Ushaka and Tice Daurus pointed out. Okay, cool. I'd personally still prefer that there was more obvious way to do it.

Edited by Myssi, 13 December 2012 - 04:38 PM.


#16 OpCentar

    Member

  • Legendary Founder
  • 547 posts

Posted 13 December 2012 - 04:28 PM

This is why linking game accounts to forum ones is/was a bad idea.

#17 ARCTICF0X

    Member

  • Members
  • PipPipPip
  • 69 posts

Posted 13 December 2012 - 04:29 PM

Chrome still reporting site as unsafe. Cannot even view webpage.

IE doesn't have this problem for me.

#18 bug3at3r

    Member

  • Members
  • PipPipPipPipPipPip
  • 275 posts

Posted 13 December 2012 - 04:31 PM

The ability to change passwords would be nice.

#19 RobarGK

    Member

  • Legendary Founder
  • The Determined
  • The Determined
  • 126 posts
  • LocationNova Scotia, Canada

Posted 13 December 2012 - 04:33 PM

I also did not receive the email, and someone else said that they knew people who received the email.that had nothing to do with MWO.

#20 Ter Ushaka

    Member

  • Legendary Founder
  • 590 posts
  • LocationGnomeregan, Dun Morogh

Posted 13 December 2012 - 04:33 PM

To change password:
1. Log out
2. Go to log in
3. Click "forgot password."
4. Wait for email with further instructions.





1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users