328 replies to this topic

[Rooky2001]

THX PGI for my first Spam on my eMail Accounts. Your Database was hacked. And they got datas. eMails were copied and that is confirmed. Ive got 2 Spams (both identical) on my two eMail accounts today on the same time. One of these adresses is registred only here.

Great job.

[Desirsar]

From the sound of it, the script scaped user profiles for email addresses to include them on a spam list, and at no time touched anyone's passwords.

Suck it up and delete some spam mail. I've used the same email address since 1998 and get 1000 a day or more. I got over it.

[Rooky2001]

Desirsar, on 14 December 2012 - 08:54 AM, said:

From the sound of it, the script scaped user profiles for email addresses to include them on a spam list, and at no time touched anyone's passwords.

Suck it up and delete some spam mail. I've used the same email address since 1998 and get 1000 a day or more. I got over it.

So my eMail address can be read by everyone? My second account last login was on Jun 13th. So why they can get my email adress from that public profil.

Fail PGI.

[Desirsar]

I'll give you that one. They should have used a random identifier for each email address as the login name instead of the address itself. The script would only be able to collect that idenifier instead, unless the user manually entered their email address on their profile. (I always do, I like my forum posts to have a littering of icons underneath with my email address, ICQ number, AIM name, etc.)

[ClemFoster]

Desirsar, on 14 December 2012 - 08:54 AM, said:

From the sound of it, the script scaped user profiles for email addresses to include them on a spam list, and at no time touched anyone's passwords.

Suck it up and delete some spam mail. I've used the same email address since 1998 and get 1000 a day or more. I got over it.

You may have your e-mail in your profile but I do not. This seems to be deeper than just scraping.

[nom de guerre]

ClemFoster, on 14 December 2012 - 09:10 AM, said:

You may have your e-mail in your profile but I do not. This seems to be deeper than just scraping.

same here I never list contact info on forums to avoid spam.

[Rex Budman]

Freman hates win8 and Jesus.

Such a troll

[ClemFoster]

and santa claus

[Lin Shai]

Urza Mechwalker, on 14 December 2012 - 06:33 AM, said:

Impressive kids you have , since MD5 are non reversibles. If you do not have extra info as the lenght of the original content the nubmer of possible plain texts is literally INFINITE.

No, it's not "infinite"; it's a 128 bit number. That's very large, but also very finite.

MD5 has outlived it's usefulness when it comes to brute force once you have the MD5 hashes from a DB dump. While his kid isn't going to do it on his smart phone, using a machine full of GPUs and CUDA you can now brute force MD5 at a starting rate. The collision rate is also well documented.

Edit to add: and salting doesn't help. Once you brute force more than one non-colliding hashes, you can easily see what the salt is.

Edited by Lin Shai, 14 December 2012 - 11:07 AM.

[Mechwarrior Buddah]

didnt know there was an incident lol

[Mechwarrior Buddah]

lizardmech, on 14 December 2012 - 04:38 AM, said:

I have to say, it was nice of them to remind me not to buy windows 8.

I got a free update with my PC.

I downgraded about an hour after loading it up as theres a whole screen thats useless unless you have a touch screen

[OpCentar]

Kraven Kor, on 14 December 2012 - 06:50 AM, said:

Works out OK for EVE Online... and in that game, having your password hacked can result in, literally, thousands of dollars of lost stuff.

Good for them, I'm still not convinced by security established on "if it's good for them (and everyone else) - it's good (enough) for us" way.

I do not want to worry every time there's something fishy going on in the public forums. This latest failure has just increased my concerns, about which I wrote back in the CBT forums, regarding shared logins.

[bug3at3r]

Thontor, on 14 December 2012 - 11:32 AM, said:

tell me, what exactly are you worried about?

People getting his credit card number.

...wait a tick...

[OpCentar]

Thontor, on 14 December 2012 - 11:32 AM, said:

tell me, what exactly are you worried about?

Getting my login info stolen of course, what did you think I was worried about?

[MetMaschine]

I too received the spam mail. My email account is solely used for MWO and not shown in my profile for visitors! Therefor your database MUST have been compromised, and I advice EVERYONE to change their passwords!
It's a lame move to not admit the intrusion, PGI!

[bug3at3r]

MetMaschine, on 14 December 2012 - 11:55 AM, said:

I too received the spam mail. My email account is solely used for MWO and not shown in my profile for visitors! Therefor your database MUST have been compromised, and I advice EVERYONE to change their passwords!
It's a lame move to not admit the intrusion, PGI!

So many 1st time posters came out for this incident.

[Accuso]

guys... honestly... are you kidding me? or is it just so that you don't care that emailadresses gathered by the attacker are being used right now?

Bryan Ekman, on 13 December 2012 - 04:14 PM, said:

We can confirm:

• At no time were any databases containing personal information compromised. This includes e-mails and passwords.

this is fairly spoken... ********!
as of yesterday suddenly the same spamemail goes exclusively to mwo-players... the same sender... the same topic... the SAME EMAIL!

all of my lancemates and comrades have the same email... coincidence??? dont make me laught... yet you are still trying to lie to us...

this is unacceptable! and I DEMAND that you give us the actual information and an apology right away...

btw...here are the emaildetails for everyone to check:

from: fremanfighter@dune.com
date: 12. Dezember 2012 22:23
topic: Windows 8 Is Fail

[Columbit]

Bryan Ekman, on 13 December 2012 - 04:14 PM, said:

We can confirm:

• At no time were any databases containing personal information compromised.  This includes e-mails and passwords.
  
• PGI and IGP does not store, nor have access to any user credit card information.
  
• Account passwords are encrypted, salted, peppered and stored in databases not affected by today’s incident.

Stop lying! Me and my corpmates got spammails and faield logins on our email accounts! Most of us avoided mwomercs.com yesterday so the adresses came from PGI database. Sorry For the bad layout but i block any scripts from this site until this is over.

Edited by Columbit, 14 December 2012 - 12:16 PM.

[MetMaschine]

bug3at3r, on 14 December 2012 - 11:58 AM, said:

So many 1st time posters came out for this incident.

Actually this is just a second account, I'm a longtime vet. Surprisingly this is the only account I received the spam with, my main account seems not to have been compromised. Maybe they were stopped midway fishing the email addresses.
At all it doesn't change the facts.

[Zygwen]

I did not receive an email but I wonder if it is because my email provider might have filtered out the email.

So I'm wondering, has anyone gotten this spam email on a gmail, hotmail or yahoo account?