Jump to content

- - - - -

Dec 13Th Incident - Official Response


328 replies to this topic

#41 Ter Ushaka

    Member

  • PipPipPipPipPipPipPip
  • 600 posts
  • LocationGnomeregan, Dun Morogh

Posted 13 December 2012 - 05:00 PM

Oh hell I've blown my cover.

South America, here I come!

#42 Fides

    Member

  • PipPipPipPipPipPip
  • 214 posts
  • LocationUK

Posted 13 December 2012 - 05:01 PM

Still would be nice if they would hide the date of birth and just give the age, to prevent identity theft.

#43 Tice Daurus

    Member

  • PipPipPipPipPipPipPipPipPip
  • 2,001 posts
  • Facebook: Link
  • LocationOak Forest, IL

Posted 13 December 2012 - 05:02 PM

View PostTer Ushaka, on 13 December 2012 - 04:58 PM, said:

Thank you for the recommendation but what I found was what most everyone else did, the javascript. The actual hunting through the haystack takes folks who know more about how the back-end is put together. Even with my rough understanding of how Kyle has structured the server setup for MWO, he's the much better option for this than I. :)


Hey, you might be a WoL/goon, but you're an first and foremost and unemployed squwaker, so I figured I'd give it a shot. Maybe they do need extra help, and why not give a brother a chance?

#44 Sears

    Member

  • PipPipPipPipPipPipPip
  • Survivor
  • 973 posts
  • LocationU.K

Posted 13 December 2012 - 05:02 PM

View PostKyle Polulak, on 13 December 2012 - 04:45 PM, said:


Only pages generated by the forum software were affected.
Login pages, buyMC pages, etc were not affected by this.


So what about these SPAM emails that a lot of us suddenly got? Nothing to do with attempting to log on when the servers were down?

either way password changed.

#45 Alcatraz968

    Member

  • PipPipPipPipPipPip
  • 283 posts
  • LocationBehind You!

Posted 13 December 2012 - 05:02 PM

@ Bryan Ekman

What's up with the email almost everyone received about Window's 8 sucking???
You sure that emails were not gotten?

#46 Dark Severance

    Member

  • PipPipPipPipPipPipPipPip
  • Knight Errant
  • Knight Errant
  • 1,151 posts
  • Facebook: Link
  • LocationPortland, OR

Posted 13 December 2012 - 05:07 PM

View PostSears, on 13 December 2012 - 05:02 PM, said:

So what about these SPAM emails that a lot of us suddenly got?

View PostAlcatraz968, on 13 December 2012 - 05:02 PM, said:

What's up with the email almost everyone received about Window's 8 sucking??? You sure that emails were not gotten?


What are you guys talking about? I never got any emails. I even checked my wifes emails as well as had my friends check theirs, they never received any emails.

#47 Tressa

    Rookie

  • 9 posts
  • LocationAustria

Posted 13 December 2012 - 05:08 PM

View PostSears, on 13 December 2012 - 05:02 PM, said:

So what about these SPAM emails that a lot of us suddenly got? Nothing to do with attempting to log on when the servers were down?

either way password changed.


That's always a good thing to do. As well as keeping different passwords for things like online games, email, forums Paypal account...

#48 Pyrrho

    Member

  • PipPipPipPipPipPipPip
  • Bad Company
  • 854 posts

Posted 13 December 2012 - 05:12 PM

View PostAlcatraz968, on 13 December 2012 - 05:02 PM, said:

@ Bryan Ekman
What's up with the email almost everyone received about Window's 8 sucking???
You sure that emails were not gotten?


Before we go advancing this kind of worry, I and several others did not receive an e-mail like this. Also, a few people I saw said that they were warned about this specific e-mail from their places of employment and not from anything having to do with PGI / MW:O.

I do think it is awfully coincidental, but it may just be indicative of a larger scale phenomenon.

#49 Sears

    Member

  • PipPipPipPipPipPipPip
  • Survivor
  • 973 posts
  • LocationU.K

Posted 13 December 2012 - 05:14 PM

A lot of the threads on the forums that were deleted were talking about spam mail appearing in there spam folders. Some people who have dedicated emails for this game received the same email. Which is titled something to do with Windows 8 sucking by someone with an email address to do with Dune.

This was the spam email that people are talking about that appeared not long after server maintenance.

#50 Tice Daurus

    Member

  • PipPipPipPipPipPipPipPipPip
  • 2,001 posts
  • Facebook: Link
  • LocationOak Forest, IL

Posted 13 December 2012 - 05:15 PM

View PostDark Severance, on 13 December 2012 - 05:07 PM, said:


What are you guys talking about? I never got any emails. I even checked my wifes emails as well as had my friends check theirs, they never received any emails.


Dark, some of us DID get e-mails based from this attack. There were people who reported that they had MW:O only set up to an e-mail address that was specifically set up for just this game and NOTHING else. When they checked their e-mail this morning, they had the spam e-mail setup that WINDOWS 8 is FAIL. Now if they only used that e-mail for MW:O ONLY, that's pretty damn suspicious to me, wouldn't you think?

#51 Clownpuncher

    Member

  • Pip
  • Legendary Founder
  • Legendary Founder
  • 16 posts
  • LocationBoston

Posted 13 December 2012 - 05:20 PM

Passwords should be hashed not encrypted

http://stackoverflow...d-encrypting-it.

Can anyone confirm that passwords are encrypted.

#52 Aegis Kleais

    Member

  • PipPipPipPipPipPipPipPipPipPip
  • Legendary Founder
  • Legendary Founder
  • 6,003 posts

Posted 13 December 2012 - 05:22 PM

Well done PGI & Co.

Someone gave you guys a run for your money but it looks like you addressed it expeditiously. Nicely done.

View PostClownpuncher, on 13 December 2012 - 05:20 PM, said:

Passwords should be hashed not encrypted

http://stackoverflow...d-encrypting-it.

Can anyone confirm that passwords are encrypted.

I would think it would be best that they have both done to them.

A hashed password usually is just a MD5 checksum, and there are websites out there that have the checksums of MANY popular password combinations.

But if you encrypt the password too, the person has to figure our not only the algorithm used, but the key as well, making the chance to decipher it much harder than just standard hashing.

#53 light487

    Member

  • PipPipPipPipPipPipPipPip
  • Legendary Founder
  • Legendary Founder
  • 1,385 posts
  • LocationSydney, Australia

Posted 13 December 2012 - 05:27 PM

View PostTice Daurus, on 13 December 2012 - 05:15 PM, said:


Dark, some of us DID get e-mails based from this attack. There were people who reported that they had MW:O only set up to an e-mail address that was specifically set up for just this game and NOTHING else. When they checked their e-mail this morning, they had the spam e-mail setup that WINDOWS 8 is FAIL. Now if they only used that e-mail for MW:O ONLY, that's pretty damn suspicious to me, wouldn't you think?


Yes but that doesn't prove the email was related to this.. spam/hoax/phishing emails are sent out by the millions every day to random email boxes all over the world. What about the people who received the same hoax email who are not PGI customers? A coincidence is just that.. a coincidence. I work in the fraud-prevention industry and this kind of roll-on scare effect happens EVERY time.. every single time people start to notice patterns that were there before but they weren't aware of them or simply didn't care about them before.. but now that something has made them a little more cautious, they are suddenly seeing all the patterns.

On a very quick search, this email has been sent to many people who are not related to MWO/PGI.. so it's just another email amongst the millions sent every day.

It's good to be cautious.. but no need to be paranoid.

View PostClownpuncher, on 13 December 2012 - 05:20 PM, said:

Passwords should be hashed not encrypted

http://stackoverflow...d-encrypting-it.

Can anyone confirm that passwords are encrypted.


They confirmed that they are encrypted in the first post of this thread.

#54 Solis Obscuri

    Don't Care How I Want It Now!

  • PipPipPipPipPipPipPipPipPip
  • The DeathRain
  • The DeathRain
  • 4,751 posts
  • LocationPomme de Terre

Posted 13 December 2012 - 05:30 PM

View PostKyle Polulak, on 13 December 2012 - 04:45 PM, said:

Only pages generated by the forum software were affected.

Yep, that's what McAfee choked on. Haven't had any issues accessing it through Firefox since the fix, not sure what the issue for Chrome is.

The e-mail thing is still confusing to me, though. How could someone get my address without at least accessing my forum user data (even if they didn't get into any deeper databases)?

#55 bug3at3r

    Member

  • PipPipPipPipPipPip
  • 275 posts

Posted 13 December 2012 - 05:31 PM

I got an email telling me to [Redacted].

Did anyone else get this?

Edited by Niko Snow, 13 December 2012 - 08:59 PM.
Explicit Content


#56 Inertiaman

    Member

  • PipPipPipPipPipPipPip
  • 865 posts

Posted 13 December 2012 - 05:34 PM

I got the email. Several clan members with mwo specific addresses for this signup got the email. The only excuse for this is someone not updating the forum software when they should. [REDACTED] This is officially my problem.

Edited by Viterbi, 13 December 2012 - 06:42 PM.
Removed offensive language


#57 Fais

    Member

  • PipPipPipPipPip
  • Legendary Founder
  • Legendary Founder
  • 146 posts
  • LocationCharlotte, NC

Posted 13 December 2012 - 05:37 PM

I know very little about cyber security, But the first threads on this forum were about malicious emails coming to users. It wasnt until 10-20 minutes later that the forum pages started to blow up.

#58 Felis

    Member

  • PipPip
  • Bridesmaid
  • Bridesmaid
  • 23 posts

Posted 13 December 2012 - 05:38 PM

View PostInertiaman, on 13 December 2012 - 05:34 PM, said:


... This is officially my problem.


Meh, either ultimatepay or paypal has your visa card info.
Unless you physically stuffed it into their servers.

#59 DerelictTomcat

    Member

  • PipPipPipPipPipPip
  • Legendary Founder
  • Legendary Founder
  • 245 posts
  • Twitter: Link
  • Twitch: Link
  • LocationEast Coast USA

Posted 13 December 2012 - 05:38 PM

Firefox gave me the warning around 10 minutes ago. Checking again. NO EMAIL!

Some real miserable people breathing today eh?

Edited by DerelictTomcat, 13 December 2012 - 05:39 PM.


#60 Inertiaman

    Member

  • PipPipPipPipPipPipPip
  • 865 posts

Posted 13 December 2012 - 05:39 PM

View PostFelis, on 13 December 2012 - 05:38 PM, said:


Meh, either ultimatepay or paypal has your visa card info.
Unless you physically stuffed it into their servers.


I'm sure that will make lots of people feel better about the rootkit exploit that the site was propagating for hours after the PA advert there. *****.





5 user(s) are reading this topic

0 members, 5 guests, 0 anonymous users