Jump to content

- - - - -

Dec 13Th Incident - Official Response


328 replies to this topic

#201 DerelictTomcat

    Member

  • PipPipPipPipPipPip
  • Legendary Founder
  • Legendary Founder
  • 245 posts
  • Twitter: Link
  • Twitch: Link
  • LocationEast Coast USA

Posted 14 December 2012 - 12:29 PM

Well I guess I am done with these forums. Warning was back up last night when I tried to come back and is now up yet again as I was reading something.

PGI apparently you have things that need to be worked out with the security of these forums. Day two now and the third time in under 24 hours that I have seen this warning pop up after it was corrected.

Whats the deal?

#202 OpCentar

    Member

  • PipPipPipPipPipPipPip
  • 547 posts

Posted 14 December 2012 - 12:31 PM

View PostThontor, on 14 December 2012 - 11:55 AM, said:

Login info is two things... Your password is safe with PGI... Encrypted and all that.

It's up to you to make it difficult to guess the password of course.

And even if they do get both pieces of information, what are they goin to do with it? I suppose they might sell it to someone who wants an account with lots of stuff on it. But it shouldnt be hard to get back if you report it, and they could probably even revert the account to what it was.

I highly doubt there's a market for MWO accounts anyways..



I'm not so sure my password is safe. This, proprietary is it?, forum software has failed in my eyes as a customer.
Using MD5 checksums, which are also not safe, deepens my skepticism.

Yes, the worst thing that can happen to me is waking up to an empty mech bay or perhaps having somebody abusing my forum profile and in game identity. But brushing aside risks, agreed with limited (known) potential damage is again not something I approve. Not when there's a simple way to avoid it by separating forum and in game accounts, or adding two factor authentication which is the better way.

I agree about restoring my account via support.

Regarding a market for MWO accounts, take a look at WoT. They said the same thing yet there is definitely a demand for those accounts. At least in Europe and Russia.

I predict the same after we get Community Warfare going.


Although PGI panicked a bit with all those forum topic locks, they did come clean in the end and that's good. Then again, having your site blacklisted by Google and every major antimalware software isn't something you can hide.

So I'm not panicking here - just stating my point of view as an alternative to "don't worry about it - it's fixed" general opinion.

Edited by OpCentar, 14 December 2012 - 12:37 PM.


#203 DerelictTomcat

    Member

  • PipPipPipPipPipPip
  • Legendary Founder
  • Legendary Founder
  • 245 posts
  • Twitter: Link
  • Twitch: Link
  • LocationEast Coast USA

Posted 14 December 2012 - 12:32 PM

Another forum I use was attacked a few months ago a script was used to send emails to the accounts without even seeing our addresses. This is probably similar.

An email is not a concern unless it has a link and you clicked it.

As far as I understand these things.

Now the warning being back well that is a real issue.

#204 ZealotTheFallen

    Member

  • PipPipPipPipPipPip
  • FP Veteran - Beta 1
  • FP Veteran - Beta 1
  • 264 posts

Posted 14 December 2012 - 12:34 PM

been hit by the page warning also just to let someone know it is not gone yet

been hit by the page warning still just to let someone know it is not gone yet

#205 Accuso

    Member

  • PipPipPipPipPip
  • Legendary Founder
  • 118 posts
  • LocationDresden, Germany

Posted 14 December 2012 - 12:35 PM

View PostThontor, on 14 December 2012 - 12:15 PM, said:

not exclusively to MWO players. There are reports of people receiving these in other forums as well. It was a breach in the software used for the forums, other forums use the same software.

Neither of the email accounts I have used for MWO got that spam by the way... Yes I checked my spam folder.


allright... fair is fair... others may have gotten the same email...
and yes the forum software was hacked and not pgi or mwo in particular! BUT... the problem is... they lied anyway...

fact is that there are spamemails going out to players of mwo without any connection to each other... some players might get them... some players dont... but this cant be a coincidence... and therefore the emailadresses HAVE to come from here...
yet pgi still tells us that our emails are safe... so they are lying!

#206 focuspark

    Member

  • PipPipPipPipPipPipPipPipPip
  • The Ardent
  • The Ardent
  • 3,180 posts

Posted 14 December 2012 - 12:35 PM

View PostColumbit, on 14 December 2012 - 12:14 PM, said:

Stop lying! Me and my corpmates got spammails and faield logins on our email accounts! Most of us avoided mwomercs.com yesterday so the adresses came from PGI database. Sorry For the bad layout but i block any scripts from this site until this is over.

Lol I've been using WinRT IE10 which has a bug in it that disallows mwomercs.com's javascript from working. I thought IE sucked, but it looks like it has been blocking the hack script even if it was by accident. :-p

#207 DerelictTomcat

    Member

  • PipPipPipPipPipPip
  • Legendary Founder
  • Legendary Founder
  • 245 posts
  • Twitter: Link
  • Twitch: Link
  • LocationEast Coast USA

Posted 14 December 2012 - 12:35 PM

View PostZealotTheFallen, on 14 December 2012 - 12:34 PM, said:

been hit by the page warning also just to let someone know it is not gone yet

been hit by the page warning still just to let someone know it is not gone yet


Funny it seemed to come back as I was switching between pages yet now it is gone again.

#208 focuspark

    Member

  • PipPipPipPipPipPipPipPipPip
  • The Ardent
  • The Ardent
  • 3,180 posts

Posted 14 December 2012 - 12:41 PM

View PostLon3Wo1f, on 13 December 2012 - 06:57 PM, said:

"We can confirm:At no time were any databases containing personal information compromised. This includes e-mails and passwords."

Perhaps you can explain why I received two identical spam emails to two addresses used exclusively with MWO if this is true. It was what first made me think there was a hack / exploit problem. I came to the forums and got the "Reported Attack Site" message.

JavaScript on the page watched you type your email as a username (really stupid practice on IGP's part here) and reported it to its master.

#209 Lin Shai

    Member

  • PipPipPipPipPipPipPipPipPip
  • 2,401 posts
  • Facebook: Link
  • LocationDenver, CO

Posted 14 December 2012 - 01:39 PM

View PostThontor, on 14 December 2012 - 12:46 PM, said:

so many other games use an email address for a username, and the same login info for the website and game... As long as the passwords are secure and encrypted, I don't see the issue.... So they get my password... So spam emails I never see get sent to that email..


You realize that many of those sites and games still use MD5 hashes for that "encryption" part, right?

As I mentioned ... that's no longer secure. But there are tons of developers that don't know that, even though it's been widely publicized.

LinkedIn. You'd think they'd know about this, right? Not so much. They were breached and when the dump of hashes was made public it was used as the poster child for why MD5 is bad. Box full of GPUs, brute forcing, and presto - your pasword isn't secure.

Coda Hale has an excellent writeup about this: http://codahale.com/...ore-a-password/

#210 GrunHerz

    Rookie

  • 5 posts

Posted 14 December 2012 - 01:39 PM

View Postfocuspark, on 14 December 2012 - 12:41 PM, said:

JavaScript on the page watched you type your email as a username (really stupid practice on IGP's part here) and reported it to its master.
I also use an unique email account with MWO. Only after I got the email, I went to check out the forums and had my AV yelling 'watch out'.I wasn't logged on the website/forum for months. So, it was not harvested on the site by that script, nope, I think the database was comprimised, at least for a while. My earlier posts yesterday were all deleted.

Edited by GrunHerz, 14 December 2012 - 01:41 PM.


#211 Tirick Fire

    Member

  • PipPipPipPipPip
  • Elite Founder
  • 172 posts
  • LocationOntario, Canada

Posted 14 December 2012 - 01:46 PM

This morning was clear and when I came to the sight 10-20 min ago, no warnings, then suddenly it popped up again after viewing a few topics.

#212 STRONG LIKE BEAR

    Member

  • PipPipPip
  • 88 posts

Posted 14 December 2012 - 02:00 PM

Firefox has been listing your site as an attack site intermittently throughout the day. Once again you are listed as an attack site.

Oh, and before someone chimes in with their AOL help desk tips, yes, I've cleared the cache.

Fix your **** PGI

#213 Squigles

    Member

  • PipPipPipPipPipPip
  • Knight Errant
  • 426 posts

Posted 14 December 2012 - 02:03 PM

Indeed, the warnings are popping back up for me as well despite being clear earlier. And if I might ask, please be sure about any information that gets posted in the future. Kyle Poulak's confirmation in the "Blackhole Exploit?" thread (now deleted) that it was a false positive and a result of "malware detection signature was put into peoples definition files recently that treats an official script as being malicious." had me telling a few friends that the site was clean.

If they've been infected I'll never hear the end of it.

#214 GrunHerz

    Rookie

  • 5 posts

Posted 14 December 2012 - 02:05 PM

* deleted brain fart *

Edited by GrunHerz, 14 December 2012 - 03:56 PM.


#215 Stickjock

    Member

  • PipPipPipPipPipPipPipPipPip
  • Bad Company
  • Bad Company
  • 2,687 posts
  • LocationPetal, MS

Posted 14 December 2012 - 02:06 PM

Just my experience, but I've been on/off the site all day long now since 6:00am central time (currently 4:07pm central time) and absolutely no problems with Chrome... no warnings, nothing...

#216 Kogrim

    Member

  • Pip
  • Bridesmaid
  • 12 posts

Posted 14 December 2012 - 02:11 PM

View PostThontor, on 14 December 2012 - 11:55 AM, said:

And even if they do get both pieces of information, what are they goin to do with it? I suppose they might sell it to someone who wants an account with lots of stuff on it. But it shouldnt be hard to get back if you report it, and they could probably even revert the account to what it was.


In general, the goals are usually:

  • Obtain in-game items to sell for real money. Since MWO doesn't have trading or a real in-game economy, this probably isn't a motivation.

  • Obtain passwords, which can then be tested against other accounts, which may or may not belong to the same user. This is what happened with the plentyoffish.com hack... the passwords, of which many were re-used, were used to log into other accounts. I wouldn't be surprised if many, many of the passwords for MWO matched the passwords for the email accounts they're connected to. (A number of my own users had their university accounts hacked right after the PoF attack... and yes, they were PoF users...)

  • Obtain emails which can be sold to spammers. "Confirmed" accounts go for more money than scraped addresses.

  • And finally, some do it just to cause chaos. Yes, if you log in one day to find your mech bays empty, PGI can probably recover your stuff, but for the length of time it takes to do so, your time is wasted, PGI's time is wasted, and many players will give up and quit.


#217 Kristov Kerensky

    Member

  • PipPipPipPipPipPipPipPipPip
  • FP Veteran - Beta 1
  • FP Veteran - Beta 1
  • 2,909 posts

Posted 14 December 2012 - 02:21 PM

No warnings from Chrome today for the MWO website or forums. Also no spam email concerning Win8 yesterday or today, and that's kind of funny since the email used for this account here isn't a one off for this game only, it's used for multiple game accounts varying from MMOs to FPSs and still not a single Win8 spam mail. I really think that spam mail was a blind mass email campaign, not a directed one, since I checked my WIFE'S email and she did get the Win8 spam on her account, which isn't tied to ANY game any where...

Nothing wrong with a little paranoia, but really folks, some of you are going way overboard with it...knew I should have bought stock in aluminum foil...

#218 IIIuminaughty

    Member

  • PipPipPipPipPipPipPipPip
  • FP Veteran - Beta 1
  • FP Veteran - Beta 1
  • 1,445 posts
  • LocationVirginia

Posted 14 December 2012 - 03:07 PM

OH GAWD!!

#219 Alfred VonGunn

    Member

  • PipPipPipPipPipPipPipPip
  • 1,772 posts
  • LocationPhoenix,AZ

Posted 14 December 2012 - 03:29 PM

View PostARCTICF0X, on 13 December 2012 - 04:29 PM, said:

Chrome still reporting site as unsafe. Cannot even view webpage.

IE doesn't have this problem for me.


That would be because most things from Micro Sponge are not really worried about security:)

#220 Kahoumono

    Member

  • PipPipPipPipPipPip
  • 306 posts

Posted 14 December 2012 - 03:58 PM

I haven't had had the chrome warning or spam email either. It seems sort of coincidental that this happened just as MWO was making a push to do some business with a MC sale.





7 user(s) are reading this topic

0 members, 7 guests, 0 anonymous users