Dec 13th Incident - Official Response


328 replies to this topic

#81 anonymous175

    Member

  • Bad Company
  • 1,195 posts

Posted 13 December 2012 - 06:12 PM

Your own?

#82 Ter Ushaka

    Member

  • 600 posts
  • Location: Gnomeregan, Dun Morogh

Posted 13 December 2012 - 06:13 PM

*dramatic sting*
Maybe they were the one that wanted the PGI job all along, not me!

#83 Sparks Murphey

    Member

  • Bridesmaid
  • 2,953 posts
  • Location: Adelaide, Australia

Posted 13 December 2012 - 06:20 PM

Stepping away from the vehemence and vitriol, may I suggest that PGI make an official statement outside these forums as well? So far, we've got a statement saying that "Don't worry, the forums aren't toxic," but that's been made on the forums themselves, which no one who is still unsure about the safety of the forums is going to be reading. A post on Twitter and Facebook, possibly linking to a page hosted on either the PGI or IGP domains, would help communicate that.

#84 -Kite-Man-

    Member

  • Ace Of Spades
  • 117 posts

Posted 13 December 2012 - 06:20 PM

Bryan Ekman, on 13 December 2012 - 04:14 PM, said:

  • At no time were any databases containing personal information compromised. This includes e-mails and passwords.
  • PGI and IGP do not store, nor have access to any user credit card information.
  • Account passwords are encrypted and stored in databases not affected by today’s incident.


OK, but could there conceivably have been some keylogging or software installed as a result of the vulnerability?

I appreciate that the password server wasn't breached, but is there a potential threat to our login information separate from that?

Do you have any recommended course of action, i.e. should we run a malware scan?

#85 Elddric

    Member

  • 33 posts
  • Location: MD.US.North-America@Earth.Sol.Milkyway

Posted 13 December 2012 - 06:22 PM

I did not receive this email. Perhaps the script didn't do what you think and just mailed people who logged in because they showed as online, using the "send me a message" part of the forum? There are ways to send mail without having to steal the data.

Edited by Elddric, 13 December 2012 - 06:23 PM.


#86 nom de guerre

    Member

  • 185 posts
  • Location: New Avalon

Posted 13 December 2012 - 06:24 PM

Bucklar, on 13 December 2012 - 06:20 PM, said:

i.e. should we run a malware scan?


You should be doing that regularly anyway...

#87 DerelictTomcat

    Member

  • Legendary Founder
  • 245 posts
  • Location: East Coast USA

Posted 13 December 2012 - 06:24 PM

^ THIS!

Elddric, on 13 December 2012 - 06:22 PM, said:

I did not receive this email. Perhaps the script didn't do what you think and just mailed people who logged in because they showed as online, using the "send me a message" part of the forum? There are ways to send mail without having to steal the data.


^ and THIS!

There are also ways to teach and inform others without having a hissy fit. More people might be prone to listen.

Edited by DerelictTomcat, 13 December 2012 - 06:24 PM.


#88 nom de guerre

    Member

  • 185 posts
  • Location: New Avalon

Posted 13 December 2012 - 06:25 PM

DerelictTomcat, on 13 December 2012 - 06:24 PM, said:


There are also ways to teach and inform others without having a hissy fit. More people might be prone to listen.


But it's the internet, where's the fun in that?

#89 Sparks Murphey

    Member

  • Bridesmaid
  • 2,953 posts
  • Location: Adelaide, Australia

Posted 13 December 2012 - 06:28 PM

Ah, Inertiaman. Once he gets his rage going, you can't stop him. No amount of logical argument, appeals to reason or outright account banning can stand in his path.

#90 xImpalerx

    Over-Caffeinated

  • Wrath
  • 59 posts

Posted 13 December 2012 - 06:29 PM

I gotta say, you guys are on the ball with this... I was JUST ABOUT to respond to my own post with this comment a few minutes after my post........


"Didn't see the post earlier.. seems that Firefox users are having the issue too. The thread for this topic has already been posted HERE...
http://YOU-ARE-ALREADY-AT-THE-THREAD

Sorry for the extra post on the issue.. just found it myself."

........BUT... it was already locked!! d'oh! good job on keeping an eye on the problem guys :)

#91 DerelictTomcat

    Member

  • Legendary Founder
  • 245 posts
  • Location: East Coast USA

Posted 13 December 2012 - 06:33 PM

Bashing the company does nothing. I'm sure if important information were compromised they would have taken more drastic steps in securing things and informing us of actions to be taken.

It isn't their job to teach anyone about keeping their personal computer secure and safe; it's their job to make this game I enjoy so much.

As an employer anything an employee does on my network ultimately belongs to me. I can see an employer saying access to a gaming forum is off limits just because you should be working.

peace

Edited by DerelictTomcat, 13 December 2012 - 06:36 PM.


#92 xImpalerx

    Over-Caffeinated

  • Wrath
  • 59 posts

Posted 13 December 2012 - 06:35 PM

O.o I hacked everyone's stuff.. now.. AYBABTU
(don't ban me.. I'm just kidding) XD

#93 Elddric

    Member

  • 33 posts
  • Location: MD.US.North-America@Earth.Sol.Milkyway

Posted 13 December 2012 - 06:35 PM

Dude. Till you see the exploit how about just posting your disappointment once and moving on. Maybe they are right and nothing was taken. Just a bit of mass mailings.....

Edited by Elddric, 13 December 2012 - 06:40 PM.


#94 nom de guerre

    Member

  • 185 posts
  • Location: New Avalon

Posted 13 December 2012 - 06:39 PM

FYI: logged in/out repeatedly during the attack, and per the McAfee corporate AV suite we run at work nothing was D/L'd to this computer.

#95 xImpalerx

    Over-Caffeinated

  • Wrath
  • 59 posts

Posted 13 December 2012 - 06:47 PM

xImpalerx, on 13 December 2012 - 06:35 PM, said:

O.o I hacked everyone's stuff.. now.. AYBABTU
(don't ban me.. I'm just kidding) XD

........why do I get the feeling that every mod is double checking my logins and IP address to make sure it wasn't me? ....*gulp*

#96 Lon3Wo1f

    Member

  • Legendary Founder
  • 156 posts
  • Location: UK

Posted 13 December 2012 - 06:57 PM

"We can confirm: At no time were any databases containing personal information compromised. This includes e-mails and passwords."

Perhaps you can explain why I received two identical spam emails to two addresses used exclusively with MWO if this is true. It was what first made me think there was a hack / exploit problem. I came to the forums and got the "Reported Attack Site" message.

#97 DivideByZer0

    Member

  • Bad Company
  • 257 posts

Posted 13 December 2012 - 07:00 PM

What do we do if we are having a problem with a redirect virus now? I just ran AVG and reinstalled Opera.... like 6 times.

#98 Lin Shai

    Member

  • 2,401 posts
  • Location: Denver, CO

Posted 13 December 2012 - 07:11 PM

Ahem. I have two accounts in MWO, using two emails on domains that I own and control and one of them isn't an alias I use for anything else.

At 5:40p MST I received the "Windows 8 is Fail" email to both of them. And yet, not to any other email alias on those domains. One of them I have not logged into today either in-game or on the site.

I don't know what's worse, PGI lying about it (although it may just be that they literally are that clueless and have no idea ... ), or the white knighting going on.

Seriously folks ... change your password, at the very least. Though more than likely they're just selling emails to spammers when they found no billing/financial info.

Thankfully I wasn't accessing the site on my Windoze machine, because the malware probably delivered a payload. I would highly suggest scanning your machine if your browser didn't prevent you from getting to the site or you didn't have active anti-virus to stop the download from occurring.

Edited by Lin Shai, 13 December 2012 - 07:22 PM.


#99 xenoglyph

    Member

  • 1,480 posts
  • Location: San Diego

Posted 13 December 2012 - 07:23 PM

IF the database wasn't dumped (big if) then the attack consisted of taking over a super moderator/admin account and then crawling through user list and grabbing emails.

Why do I say that? I got the famous spam email on an account that hasn't logged on in weeks.

#100 TruePoindexter

    Member

  • 2,605 posts
  • Location: 127.0.0.1

Posted 13 December 2012 - 07:31 PM

Lin Shai, on 13 December 2012 - 07:11 PM, said:

Ahem. I have two accounts in MWO, using two emails on domains that I own and control and one of them isn't an alias I use for anything else.

At 5:40p MST I received the "Windows 8 is Fail" email to both of them. And yet, not to any other email alias on those domains. One of them I have not logged into today either in-game or on the site.

I don't know what's worse, PGI lying about it (although it may just be that they literally are that clueless and have no idea ... ), or the white knighting going on.

Seriously folks ... change your password, at the very least. Though more than likely they're just selling emails to spammers when they found no billing/financial info.

Thankfully I wasn't accessing the site on my Windoze machine, because the malware probably delivered a payload. I would highly suggest scanning your machine if your browser didn't prevent you from getting to the site or you didn't have active anti-virus to stop the download from occurring.


I have not received the email. If the forum was compromised first I should have received it. Since I did not receive it and we know the forum was compromised afterwards I'm going to go with an external source of emails was found or whoever it was that did this simply pieced together functioning email addresses through deciphering what people post on the forums. Once someone was dumb enough to click the link and forfeit their login information it's child's play to then behave as a user and inject illicit code. From there perhaps additional emails were scraped through cookies and other sources.

The major issues are that they need to close whatever injection vulnerability existed and get blacklists to remove them. As the forum software itself is licensed it's probably not even PGI's fault that the vulnerability existed to begin with - whoever developed it did a poor job of accounting for all injection points. Removing mwomercs.com from the blacklists will simply take time and I'm sure they've already gotten started on it.

I understand Lin Shai that you really don't like PGI and IGP for some reason. I think it borders on irrational at points but you're welcome to your opinion. Please however refrain from discussing security matters that you do not understand. It makes you disingenuous at best and gives people the wrong impression.

xenoglyph, on 13 December 2012 - 07:23 PM, said:

IF the database wasn't dumped (big if) then the attack consisted of taking over a super moderator/admin account and then crawling through user list and grabbing emails.

Why do I say that? I got the famous spam email on an account that hasn't logged on in weeks.


Emails are easy to guess since most users tend to use similar names across the board. Further many people use the same email through multiple gaming networks. As an example WoW accounts most of the time are almost never compromised through battle.net but rather through malicious ads placed on popular community sites such as mmodb.com and wowinterface.com.

Also it would be pretty clear if someone got into the DB as the logs would immediately reflect this. If someone had gotten access to the DB directly you can rest assured that any self respecting admin would force a universal password reset.

Edited by TruePoindexter, 13 December 2012 - 07:33 PM.

