328 replies to this topic

[Bryan Ekman]

It has come to our attention that a vulnerability in our licensed forum software allowed a malicious redirect script to be injected.

• This has been discovered and removed.

We understand that you are very concerned about your private information, including email addresses, passwords and credit card information.



We can confirm:

• At no time were any databases containing personal information compromised. This includes e-mails and passwords.
  
• PGI and IGP does not store, nor have access to any user credit card information.
  
• Account passwords are encrypted, salted, peppered and stored in databases not affected by today’s incident.

Web and forum access to our site is now back to normal.



We’re sorry for any inconveniences this may have caused.

The MechWarrior Online Team

Edited by Kyle Polulak, 13 December 2012 - 07:52 PM.
S&P

[anonymous175]

Cool

[Crazycajun]

10-4 big buddy ...

Now back to our regularly schedule mech destructing and killing sprees

[Pyrrho]

Straight from the Ekman's mouth.

[Insidious Johnson]

Excellent turn around from start to end. Good job PGI. Now, about the rest of the bugs...

[Stone Wall]

PGI always on the ball.

[xxx WreckinBallRaj xxx]

If Emails weren't compromised, then how did someone send us that [Redacted] Windows 8 fail Email? Just curious.

Crazycajun, on 13 December 2012 - 04:17 PM, said:

10-4 big buddy ...

Now back to our regularly schedule mech destructing and killing sprees

And forum trolling.

Edited by Niko Snow, 13 December 2012 - 06:09 PM.
And forum moderating.

[Dirk Le Daring]

Good to read. Thanks for keeping us informed.

[Axeman1]

I was going to buy MC but someone in another thread said their paypal was compromised after they did...

[Odins Fist]

Thank You...

[shabowie]

Bluten, on 13 December 2012 - 04:19 PM, said:

If Emails weren't compromised, then how did someone send us that BS Windows 8 fail Email? Just curious.

I didn't receive that email.

[Stone Wall]

Axeman1, on 13 December 2012 - 04:20 PM, said:

I was going to buy MC but someone in another thread said their paypal was compromised after they did...

people also call everything OP

[bug3at3r]

I never got the email.

[xenoglyph]

Okay, so you're saying our emails were compromised by a script. How can we be sure our passwords weren't compromised as well? Also, it would be safe to assume that Moderator/Admin accounts had their auth cookies stolen during this time, potentially giving the attackers access to other things.

Why haven't you guys forced a password reset on all forum accounts since in game passwords are the same as forum passwords?

edit: I got the email on both of my forum accounts, including an account that hasn't logged on in WEEKS.

Edited by xenoglyph, 13 December 2012 - 04:24 PM.

[Myssi]

Well, these things can happen but I'm still a bit worried about possible future issues with databases or forum software.
Why don't we have the ability to change our passwords? Some people, like me, prefer to change all their passwords on certain times.
Nearly all other services I use give me the chance to switch my passwords if I so want to. Including things like Battlelog from EA, multiple MMO's and other forums. Why not here?
I'm sure I'm not the only one who wanted to change his password today, just to be sure.

Yeah yeah, call me paranoid but I don't take even the possibility of my login information leaking lightly.
I'm sure the encryption is good and does it's best to keep our information safe, but these things have been cracked and\or leaked before in the history if internets.
Why is there no external authenticator available, like one Blizzard offers for battle.net. Smart phone app that gives you a code that you need to input before you can log in? Or even the external authenticator dongle thingie they, and few other MMOs, used.

The authenticator might be a bit far fetched for a free-to-play title, but at least the ability to change the password would be nice. Or am I just so blind that I can't find it in the mwomercs page?

Edit; so apparently you can change your password with the 'forgot password' function as Ter Ushaka and Tice Daurus pointed out. Okay, cool. I'd personally still prefer that there was more obvious way to do it.

Edited by Myssi, 13 December 2012 - 04:38 PM.

[OpCentar]

This is why linking game accounts to forum ones is/was a bad idea.

[ARCTICF0X]

Chrome still reporting site as unsafe. Cannot even view webpage.

IE doesn't have this problem for me.

[bug3at3r]

The ability to change passwords would be nice.

[RobarGK]

I also did not receive the email, and someone else said that they knew people who received the email.that had nothing to do with MWO.

[Ter Ushaka]

To change password:
1. Log out
2. Go to log in
3. Click "forgot password."
4. Wait for email with further instructions.