Jump to content

- - - - -

Dec 13Th Incident - Official Response


328 replies to this topic

#81 anonymous175

    Member

  • PipPipPipPipPipPipPipPip
  • Bad Company
  • 1,195 posts

Posted 13 December 2012 - 06:12 PM

Your own?

#82 Ter Ushaka

    Member

  • PipPipPipPipPipPipPip
  • 600 posts
  • LocationGnomeregan, Dun Morogh

Posted 13 December 2012 - 06:13 PM

*dramatic sting*
Maybe they were the one that wanted the PGI job all along, not me!

#83 Sparks Murphey

    Member

  • PipPipPipPipPipPipPipPipPip
  • Bridesmaid
  • Bridesmaid
  • 2,953 posts
  • LocationAdelaide, Australia

Posted 13 December 2012 - 06:20 PM

Stepping away from the vehemence and vitriol, may I suggest that PGI make an official statement outside these forums as well? So far, we've got a statement saying that "Don't worry, the forums aren't toxic," but that's been made on the forums themselves, which no one who is still unsure about the safety of the forums is going to be reading. A post on Twitter and Facebook, possibly linking to a page hosted on either the PGI or IGP domains, would help communicate that.

#84 -Kite-Man-

    Member

  • PipPipPipPipPip
  • Ace Of Spades
  • Ace Of Spades
  • 117 posts

Posted 13 December 2012 - 06:20 PM

View PostBryan Ekman, on 13 December 2012 - 04:14 PM, said:

  • At no time were any databases containing personal information compromised. This includes e-mails and passwords.
  • PGI and IGP does not store, nor have access to any user credit card information.
  • Account passwords are encrypted and stored in databases not affected by today’s incident.


OK, but could there conceivably have been some keylogging or software installed as a result of the vulnerability?

I appreciate that the password server wasn't breached, but is there a potential threat to our login information separate from that?

Do you have any reccomended course of action, IE should we run an malware scan?

#85 Elddric

    Member

  • PipPip
  • 33 posts
  • LocationMD.US.North-America@Earth.Sol.Milkyway

Posted 13 December 2012 - 06:22 PM

I did not receive this email. Perhaps the script didnt do what you think and just mailed people who logged in because they showed as online.using the send me a message part of the forum? There are ways to send mail without having to steal the data.

Edited by Elddric, 13 December 2012 - 06:23 PM.


#86 nom de guerre

    Member

  • PipPipPipPipPip
  • 185 posts
  • LocationNew Avalon

Posted 13 December 2012 - 06:24 PM

View PostBucklar, on 13 December 2012 - 06:20 PM, said:

IE should we run an malware scan?


you should eb doing that regularly anyway...

#87 DerelictTomcat

    Member

  • PipPipPipPipPipPip
  • Legendary Founder
  • Legendary Founder
  • 245 posts
  • Twitter: Link
  • Twitch: Link
  • LocationEast Coast USA

Posted 13 December 2012 - 06:24 PM

^ THIS!

View PostElddric, on 13 December 2012 - 06:22 PM, said:

I did not receive this email. Perhaps the script didnt o what you think and just mailed people who logged in because they showed as online.using the send me a message part of the forum? There are ways to send mail without having to steal the data.


^ and THIS!

There is also ways to teach and inform others without having a hissy fit. More people might be prone to listen.

Edited by DerelictTomcat, 13 December 2012 - 06:24 PM.


#88 nom de guerre

    Member

  • PipPipPipPipPip
  • 185 posts
  • LocationNew Avalon

Posted 13 December 2012 - 06:25 PM

View PostDerelictTomcat, on 13 December 2012 - 06:24 PM, said:


There is also ways to teach and inform others without having a hissy fit. More people might be prone to listen.


but its the internet wheres the fun in that?

#89 Sparks Murphey

    Member

  • PipPipPipPipPipPipPipPipPip
  • Bridesmaid
  • Bridesmaid
  • 2,953 posts
  • LocationAdelaide, Australia

Posted 13 December 2012 - 06:28 PM

Ah, Inertiaman. Once he gets his rage going, you can't stop him. No amount of logical argument, appeals to reason or outright account banning can stand in his path.

#90 xImpalerx

    Over-Caffeinated

  • PipPipPip
  • Wrath
  • Wrath
  • 59 posts

Posted 13 December 2012 - 06:29 PM

I gotta say, you guys are on the ball with this... I was JUST ABOUT to respond to my own post with this comment a few minutes after my post........


"Didn't see the post earlier.. seems that firefox users are having the issue too. The thread for this topic has already been posted HERE...
http://YOU-ARE-ALREADY-AT-THE-THREAD

Sorry for the extra post on the issue.. just found it myself."

........BUT... it was already locked!! d'oh! good job on keeping an eye on the problem guys :)

#91 DerelictTomcat

    Member

  • PipPipPipPipPipPip
  • Legendary Founder
  • Legendary Founder
  • 245 posts
  • Twitter: Link
  • Twitch: Link
  • LocationEast Coast USA

Posted 13 December 2012 - 06:33 PM

Bashing the company does nothing. I'm sure if important information were compromised they would have taken more drastic steps in securing things and informing us of actions to be taken.

It isn't their job to teach anyone about keeping their personal computer secure and safe its their job to make this game I enjoy so much.

As an employer anything an employee does on my network ultimately belongs to me. I can see an employer saying access to a gaming forum is off limits just because you should be working.

peace

Edited by DerelictTomcat, 13 December 2012 - 06:36 PM.


#92 xImpalerx

    Over-Caffeinated

  • PipPipPip
  • Wrath
  • Wrath
  • 59 posts

Posted 13 December 2012 - 06:35 PM

O.o I hacked everyone's stuff.. now.. AYBABTU
(don't ban me.. I'm just kidding) XD

#93 Elddric

    Member

  • PipPip
  • 33 posts
  • LocationMD.US.North-America@Earth.Sol.Milkyway

Posted 13 December 2012 - 06:35 PM

Dude. Till you see the exploit how about just posting your disappointment once and moving on. Maybe they are right and nothing was taken. Just a bit of mass mailings.....

Edited by Elddric, 13 December 2012 - 06:40 PM.


#94 nom de guerre

    Member

  • PipPipPipPipPip
  • 185 posts
  • LocationNew Avalon

Posted 13 December 2012 - 06:39 PM

FYI: logged in/out repeatedly during the attack, and per the McAfee corporate av suit we run at work nothing was D/L'd to this computer.

#95 xImpalerx

    Over-Caffeinated

  • PipPipPip
  • Wrath
  • Wrath
  • 59 posts

Posted 13 December 2012 - 06:47 PM

View PostxImpalerx, on 13 December 2012 - 06:35 PM, said:

O.o I hacked everyone's stuff.. now.. AYBABTU
(don't ban me.. I'm just kidding) XD

........why do I get the feeling that every mod is double checking my login's and IP address to make sure it wasn't me? ....*gulp*

#96 Lon3Wo1f

    Member

  • PipPipPipPipPip
  • Legendary Founder
  • Legendary Founder
  • 156 posts
  • LocationUK

Posted 13 December 2012 - 06:57 PM

"We can confirm:At no time were any databases containing personal information compromised. This includes e-mails and passwords."

Perhaps you can explain why I received two identical spam emails to two addresses used exclusively with MWO if this is true. It was what first made me think there was a hack / exploit problem. I came to the forums and got the "Reported Attack Site" message.

#97 DivideByZer0

    Member

  • PipPipPipPipPipPip
  • Bad Company
  • Bad Company
  • 257 posts

Posted 13 December 2012 - 07:00 PM

What do we do if we are having a problem with a redirect virus now ? I just ran AVG and reinstalled opera.... like 6 times.

#98 Lin Shai

    Member

  • PipPipPipPipPipPipPipPipPip
  • 2,401 posts
  • Facebook: Link
  • LocationDenver, CO

Posted 13 December 2012 - 07:11 PM

Ahem. I have two accounts in MWO, using two emails on domains that I own and control and one of them isn't an alias I use for anything else.

At 5:40p MST I received the "Windows 8 is Fail" email to both of them. And yet, not to any other email alias on those domains. One of them I have not logged into today either in-game or on the site.

I don't know what's worse, PGI lying about it (although it may just be that they literally are that clueless and have no idea ... ), or the white knighting going on.

Seriously folks ... change your password, at the very least. Though more than likely they're just selling emails to spammers when they found no billing/financial info.

Thankfully I wasn't accessing the site on my Windoze machine, because the malware probably delivered a payload. I would highly suggest scanning your machine if your browser didn't prevent you from getting to the site or you didn't have active anti-virus to stop the download from occurring.

Edited by Lin Shai, 13 December 2012 - 07:22 PM.


#99 xenoglyph

    Member

  • PipPipPipPipPipPipPipPip
  • 1,480 posts
  • LocationSan Diego

Posted 13 December 2012 - 07:23 PM

IF the database wasn't dumped (big if) then the attack consisted of taking over a super moderator/admin account and then crawling through user list and grabbing emails.

Why do I say that? I got the famous spam email on an account that hasn't logged on in weeks.

#100 TruePoindexter

    Member

  • PipPipPipPipPipPipPipPipPip
  • 2,605 posts
  • Facebook: Link
  • Location127.0.0.1

Posted 13 December 2012 - 07:31 PM

View PostLin Shai, on 13 December 2012 - 07:11 PM, said:

Ahem. I have two accounts in MWO, using two emails on domains that I own and control and one of them isn't an alias I use for anything else.

At 5:40p MST I received the "Windows 8 is Fail" email to both of them. And yet, not to any other email alias on those domains. One of them I have not logged into today either in-game or on the site.

I don't know what's worse, PGI lying about it (although it may just be that they literally are that clueless and have no idea ... ), or the white knighting going on.

Seriously folks ... change your password, at the very least. Though more than likely they're just selling emails to spammers when they found no billing/financial info.

Thankfully I wasn't accessing the site on my Windoze machine, because the malware probably delivered a payload. I would highly suggest scanning your machine if your browser didn't prevent you from getting to the site or you didn't have active anti-virus to stop the download from occurring.


I have not received the email. If the forum was compromised first I should have received it. Since I did not receive it and we know the forum was compromised afterwards I'm going to go with an external source of emails was found or whoever it was that did this simply pieced together functioning email addresses through deciphering what people post on the forums. Once someone was dumb enough to click the link and forfeit their login information it's child's play to then behave as a user and inject illicit code. From there perhaps additional emails were scraped through cookies and other sources.

The major issues are that they need to close whatever injection vulnerability existed and get blacklists to remove them. As the forum software itself is licensed it's probably not even PGI's fault that the vulnerability existed to begin with - whoever developed it did a poor job of accounting for all injection points. Removing mwomercs.com from the blacklists will imply take time and I'm sure they've already gotten started on it.

I understand Lin Shai that you really don't like PGI and IGP for some reason. I think it borders on irrational at points but you're welcome to your opinion. Please however refrain from discussing security matters that you do not understand. It makes you disingenuous at best gives people the wrong impression.

View Postxenoglyph, on 13 December 2012 - 07:23 PM, said:

IF the database wasn't dumped (big if) then the attack consisted of taking over a super moderator/admin account and then crawling through user list and grabbing emails.

Why do I say that? I got the famous spam email on an account that hasn't logged on in weeks.


Emails are easy to guess since most users tend to use similar names across the board. Further many people use the same email through multiple gaming networks. As an example WoW accounts most of the time are almost never compromised through battle.net but rather through malicious ads placed on popular community sites such as mmodb.com and wowinterface.com.

Also it would be pretty clear if someone got into the DB as the logs would immediately reflect this. If someone had gotten access to the DB directly you can rest assured that any self respecting admin would force a universal password reset.

Edited by TruePoindexter, 13 December 2012 - 07:33 PM.






1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users