328 replies to this topic

[Ter Ushaka]

Oh hell I've blown my cover.

South America, here I come!

[Fides]

Still would be nice if they would hide the date of birth and just give the age, to prevent identity theft.

[Tice Daurus]

Ter Ushaka, on 13 December 2012 - 04:58 PM, said:

Thank you for the recommendation but what I found was what most everyone else did, the javascript. The actual hunting through the haystack takes folks who know more about how the back-end is put together. Even with my rough understanding of how Kyle has structured the server setup for MWO, he's the much better option for this than I.

Hey, you might be a WoL/goon, but you're an first and foremost and unemployed squwaker, so I figured I'd give it a shot. Maybe they do need extra help, and why not give a brother a chance?

[Sears]

Kyle Polulak, on 13 December 2012 - 04:45 PM, said:

Only pages generated by the forum software were affected.
Login pages, buyMC pages, etc were not affected by this.

So what about these SPAM emails that a lot of us suddenly got? Nothing to do with attempting to log on when the servers were down?

either way password changed.

[Alcatraz968]

@ Bryan Ekman

What's up with the email almost everyone received about Window's 8 sucking???
You sure that emails were not gotten?

[Dark Severance]

Sears, on 13 December 2012 - 05:02 PM, said:

So what about these SPAM emails that a lot of us suddenly got?

Alcatraz968, on 13 December 2012 - 05:02 PM, said:

What's up with the email almost everyone received about Window's 8 sucking??? You sure that emails were not gotten?

What are you guys talking about? I never got any emails. I even checked my wifes emails as well as had my friends check theirs, they never received any emails.

[Tressa]

Sears, on 13 December 2012 - 05:02 PM, said:

So what about these SPAM emails that a lot of us suddenly got? Nothing to do with attempting to log on when the servers were down?

either way password changed.

That's always a good thing to do. As well as keeping different passwords for things like online games, email, forums Paypal account...

[Pyrrho]

Alcatraz968, on 13 December 2012 - 05:02 PM, said:

@ Bryan Ekman
What's up with the email almost everyone received about Window's 8 sucking???
You sure that emails were not gotten?

Before we go advancing this kind of worry, I and several others did not receive an e-mail like this. Also, a few people I saw said that they were warned about this specific e-mail from their places of employment and not from anything having to do with PGI / MW:O.

I do think it is awfully coincidental, but it may just be indicative of a larger scale phenomenon.

[Sears]

A lot of the threads on the forums that were deleted were talking about spam mail appearing in there spam folders. Some people who have dedicated emails for this game received the same email. Which is titled something to do with Windows 8 sucking by someone with an email address to do with Dune.

This was the spam email that people are talking about that appeared not long after server maintenance.

[Tice Daurus]

Dark Severance, on 13 December 2012 - 05:07 PM, said:

What are you guys talking about? I never got any emails. I even checked my wifes emails as well as had my friends check theirs, they never received any emails.

Dark, some of us DID get e-mails based from this attack. There were people who reported that they had MW:O only set up to an e-mail address that was specifically set up for just this game and NOTHING else. When they checked their e-mail this morning, they had the spam e-mail setup that WINDOWS 8 is FAIL. Now if they only used that e-mail for MW:O ONLY, that's pretty damn suspicious to me, wouldn't you think?

[Clownpuncher]

Passwords should be hashed not encrypted

http://stackoverflow...d-encrypting-it.

Can anyone confirm that passwords are encrypted.

[Aegis Kleais]

Well done PGI & Co.

Someone gave you guys a run for your money but it looks like you addressed it expeditiously. Nicely done.

Clownpuncher, on 13 December 2012 - 05:20 PM, said:

Passwords should be hashed not encrypted

http://stackoverflow...d-encrypting-it.

Can anyone confirm that passwords are encrypted.

I would think it would be best that they have both done to them.

A hashed password usually is just a MD5 checksum, and there are websites out there that have the checksums of MANY popular password combinations.

But if you encrypt the password too, the person has to figure our not only the algorithm used, but the key as well, making the chance to decipher it much harder than just standard hashing.

[light487]

Tice Daurus, on 13 December 2012 - 05:15 PM, said:

Dark, some of us DID get e-mails based from this attack. There were people who reported that they had MW:O only set up to an e-mail address that was specifically set up for just this game and NOTHING else. When they checked their e-mail this morning, they had the spam e-mail setup that WINDOWS 8 is FAIL. Now if they only used that e-mail for MW:O ONLY, that's pretty damn suspicious to me, wouldn't you think?

Yes but that doesn't prove the email was related to this.. spam/hoax/phishing emails are sent out by the millions every day to random email boxes all over the world. What about the people who received the same hoax email who are not PGI customers? A coincidence is just that.. a coincidence. I work in the fraud-prevention industry and this kind of roll-on scare effect happens EVERY time.. every single time people start to notice patterns that were there before but they weren't aware of them or simply didn't care about them before.. but now that something has made them a little more cautious, they are suddenly seeing all the patterns.

On a very quick search, this email has been sent to many people who are not related to MWO/PGI.. so it's just another email amongst the millions sent every day.

It's good to be cautious.. but no need to be paranoid.

Clownpuncher, on 13 December 2012 - 05:20 PM, said:

Passwords should be hashed not encrypted

http://stackoverflow...d-encrypting-it.

Can anyone confirm that passwords are encrypted.

They confirmed that they are encrypted in the first post of this thread.

[Solis Obscuri]

Kyle Polulak, on 13 December 2012 - 04:45 PM, said:

Only pages generated by the forum software were affected.

Yep, that's what McAfee choked on. Haven't had any issues accessing it through Firefox since the fix, not sure what the issue for Chrome is.

The e-mail thing is still confusing to me, though. How could someone get my address without at least accessing my forum user data (even if they didn't get into any deeper databases)?

[bug3at3r]

I got an email telling me to [Redacted].

Did anyone else get this?

Edited by Niko Snow, 13 December 2012 - 08:59 PM.
Explicit Content

[Inertiaman]

I got the email. Several clan members with mwo specific addresses for this signup got the email. The only excuse for this is someone not updating the forum software when they should. [REDACTED] This is officially my problem.

Edited by Viterbi, 13 December 2012 - 06:42 PM.
Removed offensive language

[Fais]

I know very little about cyber security, But the first threads on this forum were about malicious emails coming to users. It wasnt until 10-20 minutes later that the forum pages started to blow up.

[Felis]

Inertiaman, on 13 December 2012 - 05:34 PM, said:

... This is officially my problem.

Meh, either ultimatepay or paypal has your visa card info.
Unless you physically stuffed it into their servers.

[DerelictTomcat]

Firefox gave me the warning around 10 minutes ago. Checking again. NO EMAIL!

Some real miserable people breathing today eh?

Edited by DerelictTomcat, 13 December 2012 - 05:39 PM.

[Inertiaman]

Felis, on 13 December 2012 - 05:38 PM, said:

Meh, either ultimatepay or paypal has your visa card info.
Unless you physically stuffed it into their servers.

I'm sure that will make lots of people feel better about the rootkit exploit that the site was propagating for hours after the PA advert there. *****.