328 replies to this topic

[DerelictTomcat]

Well I guess I am done with these forums. Warning was back up last night when I tried to come back and is now up yet again as I was reading something.

PGI apparently you have things that need to be worked out with the security of these forums. Day two now and the third time in under 24 hours that I have seen this warning pop up after it was corrected.

Whats the deal?

[OpCentar]

Thontor, on 14 December 2012 - 11:55 AM, said:

Login info is two things... Your password is safe with PGI... Encrypted and all that.

It's up to you to make it difficult to guess the password of course.

And even if they do get both pieces of information, what are they goin to do with it? I suppose they might sell it to someone who wants an account with lots of stuff on it. But it shouldnt be hard to get back if you report it, and they could probably even revert the account to what it was.

I highly doubt there's a market for MWO accounts anyways..

I'm not so sure my password is safe. This, proprietary is it?, forum software has failed in my eyes as a customer.
Using MD5 checksums, which are also not safe, deepens my skepticism.

Yes, the worst thing that can happen to me is waking up to an empty mech bay or perhaps having somebody abusing my forum profile and in game identity. But brushing aside risks, agreed with limited (known) potential damage is again not something I approve. Not when there's a simple way to avoid it by separating forum and in game accounts, or adding two factor authentication which is the better way.

I agree about restoring my account via support.

Regarding a market for MWO accounts, take a look at WoT. They said the same thing yet there is definitely a demand for those accounts. At least in Europe and Russia.

I predict the same after we get Community Warfare going.


Although PGI panicked a bit with all those forum topic locks, they did come clean in the end and that's good. Then again, having your site blacklisted by Google and every major antimalware software isn't something you can hide.

So I'm not panicking here - just stating my point of view as an alternative to "don't worry about it - it's fixed" general opinion.

Edited by OpCentar, 14 December 2012 - 12:37 PM.

[DerelictTomcat]

Another forum I use was attacked a few months ago a script was used to send emails to the accounts without even seeing our addresses. This is probably similar.

An email is not a concern unless it has a link and you clicked it.

As far as I understand these things.

Now the warning being back well that is a real issue.

[ZealotTheFallen]

been hit by the page warning also just to let someone know it is not gone yet

been hit by the page warning still just to let someone know it is not gone yet

[Accuso]

Thontor, on 14 December 2012 - 12:15 PM, said:

not exclusively to MWO players. There are reports of people receiving these in other forums as well. It was a breach in the software used for the forums, other forums use the same software.

Neither of the email accounts I have used for MWO got that spam by the way... Yes I checked my spam folder.

allright... fair is fair... others may have gotten the same email...
and yes the forum software was hacked and not pgi or mwo in particular! BUT... the problem is... they lied anyway...

fact is that there are spamemails going out to players of mwo without any connection to each other... some players might get them... some players dont... but this cant be a coincidence... and therefore the emailadresses HAVE to come from here...
yet pgi still tells us that our emails are safe... so they are lying!

[focuspark]

Columbit, on 14 December 2012 - 12:14 PM, said:

Stop lying! Me and my corpmates got spammails and faield logins on our email accounts! Most of us avoided mwomercs.com yesterday so the adresses came from PGI database. Sorry For the bad layout but i block any scripts from this site until this is over.

Lol I've been using WinRT IE10 which has a bug in it that disallows mwomercs.com's javascript from working. I thought IE sucked, but it looks like it has been blocking the hack script even if it was by accident. :-p

[DerelictTomcat]

ZealotTheFallen, on 14 December 2012 - 12:34 PM, said:

been hit by the page warning also just to let someone know it is not gone yet

been hit by the page warning still just to let someone know it is not gone yet

Funny it seemed to come back as I was switching between pages yet now it is gone again.

[focuspark]

Lon3Wo1f, on 13 December 2012 - 06:57 PM, said:

"We can confirm:At no time were any databases containing personal information compromised. This includes e-mails and passwords."

Perhaps you can explain why I received two identical spam emails to two addresses used exclusively with MWO if this is true. It was what first made me think there was a hack / exploit problem. I came to the forums and got the "Reported Attack Site" message.

JavaScript on the page watched you type your email as a username (really stupid practice on IGP's part here) and reported it to its master.

[Lin Shai]

Thontor, on 14 December 2012 - 12:46 PM, said:

so many other games use an email address for a username, and the same login info for the website and game... As long as the passwords are secure and encrypted, I don't see the issue.... So they get my password... So spam emails I never see get sent to that email..

You realize that many of those sites and games still use MD5 hashes for that "encryption" part, right?

As I mentioned ... that's no longer secure. But there are tons of developers that don't know that, even though it's been widely publicized.

LinkedIn. You'd think they'd know about this, right? Not so much. They were breached and when the dump of hashes was made public it was used as the poster child for why MD5 is bad. Box full of GPUs, brute forcing, and presto - your pasword isn't secure.

Coda Hale has an excellent writeup about this: http://codahale.com/...ore-a-password/

[GrunHerz]

focuspark, on 14 December 2012 - 12:41 PM, said:

JavaScript on the page watched you type your email as a username (really stupid practice on IGP's part here) and reported it to its master.

I also use an unique email account with MWO. Only after I got the email, I went to check out the forums and had my AV yelling 'watch out'.I wasn't logged on the website/forum for months. So, it was not harvested on the site by that script, nope, I think the database was comprimised, at least for a while. My earlier posts yesterday were all deleted.

Edited by GrunHerz, 14 December 2012 - 01:41 PM.

[Tirick Fire]

This morning was clear and when I came to the sight 10-20 min ago, no warnings, then suddenly it popped up again after viewing a few topics.

[STRONG LIKE BEAR]

Firefox has been listing your site as an attack site intermittently throughout the day. Once again you are listed as an attack site.

Oh, and before someone chimes in with their AOL help desk tips, yes, I've cleared the cache.

Fix your **** PGI

[Squigles]

Indeed, the warnings are popping back up for me as well despite being clear earlier. And if I might ask, please be sure about any information that gets posted in the future. Kyle Poulak's confirmation in the "Blackhole Exploit?" thread (now deleted) that it was a false positive and a result of "malware detection signature was put into peoples definition files recently that treats an official script as being malicious." had me telling a few friends that the site was clean.

If they've been infected I'll never hear the end of it.

[GrunHerz]

* deleted brain fart *

Edited by GrunHerz, 14 December 2012 - 03:56 PM.

[Stickjock]

Just my experience, but I've been on/off the site all day long now since 6:00am central time (currently 4:07pm central time) and absolutely no problems with Chrome... no warnings, nothing...

[Kogrim]

Thontor, on 14 December 2012 - 11:55 AM, said:

And even if they do get both pieces of information, what are they goin to do with it? I suppose they might sell it to someone who wants an account with lots of stuff on it. But it shouldnt be hard to get back if you report it, and they could probably even revert the account to what it was.

In general, the goals are usually:

• 
  Obtain in-game items to sell for real money. Since MWO doesn't have trading or a real in-game economy, this probably isn't a motivation.
  
• 
  Obtain passwords, which can then be tested against other accounts, which may or may not belong to the same user. This is what happened with the plentyoffish.com hack... the passwords, of which many were re-used, were used to log into other accounts. I wouldn't be surprised if many, many of the passwords for MWO matched the passwords for the email accounts they're connected to. (A number of my own users had their university accounts hacked right after the PoF attack... and yes, they were PoF users...)
  
• 
  Obtain emails which can be sold to spammers. "Confirmed" accounts go for more money than scraped addresses.
  
• 
  And finally, some do it just to cause chaos. Yes, if you log in one day to find your mech bays empty, PGI can probably recover your stuff, but for the length of time it takes to do so, your time is wasted, PGI's time is wasted, and many players will give up and quit.

[Kristov Kerensky]

No warnings from Chrome today for the MWO website or forums. Also no spam email concerning Win8 yesterday or today, and that's kind of funny since the email used for this account here isn't a one off for this game only, it's used for multiple game accounts varying from MMOs to FPSs and still not a single Win8 spam mail. I really think that spam mail was a blind mass email campaign, not a directed one, since I checked my WIFE'S email and she did get the Win8 spam on her account, which isn't tied to ANY game any where...

Nothing wrong with a little paranoia, but really folks, some of you are going way overboard with it...knew I should have bought stock in aluminum foil...

[IIIuminaughty]

OH GAWD!!

[Alfred VonGunn]

ARCTICF0X, on 13 December 2012 - 04:29 PM, said:

Chrome still reporting site as unsafe. Cannot even view webpage.

IE doesn't have this problem for me.

That would be because most things from Micro Sponge are not really worried about security:)

[Kahoumono]

I haven't had had the chrome warning or spam email either. It seems sort of coincidental that this happened just as MWO was making a push to do some business with a MC sale.