Howdy, Stranger!
It looks like you're new here. If you want to get involved, click one of these buttons!
Quick Links
MMORPG.com Database Hacked??
fat_taddler
Member Posts: 286
Let me start by saying that I am a CISSP certified, Director of Information Technology for a fairly large financial institution and am fully aware of the importance of account security and end user responsibility.
For the first time, I received the infamous ANet email "someone - hopefully you (haha) changed the email address on this account"
I was sincerely hoping that it was simply spam but when I got home today and attempted to log into GW2 I realized that I had in fact been hacked.
Being an IT person who is very sensitive to risk exposure, you can imagine that my home PC is very fortified. On top of that, I just bought a new rig that is only two weeks old so it's very clean. I run the latest version of Kaspersky AV and have every protection component turned on.
At my office, we have very robust security controls in place which are audited by a division of the government once a year and must pass strict penetration testing twice annually.
That being said, I think I can safely say that I was not the victim of a keylogger attack.
Now for the kicker, the only email address I use for gaming is the one that was changed and the only other time I've ever used that password in conjunction with that email address was on this website about two years ago (not this account).
I like this website and use it frequently but I have to suspect at this point that it may have been compromised.
I'm certainly not saying this to be malicious towards the admins of MMORPG.com, only to inform them and other users of this site that there may have been a breech of one of the user account databases associated with this site.
If you use the same email here as well as GW2, please be aware that there may be a significant risk that your account could be compromised.
Comments
You almost had me, but then you say this.
Never, Never, Ever, use a password for more than 1 account, silly.
Playing- Guild Wars 2, SWTOR
SWTOR Referral Link Get a free Server Transfer and lots of other free stuff for your SWTOR account! Works for both new and previous players.
I'm Bill Gates himself, this is my hidden personality.
True story.
This said, yes, if you use the same mail/password for fansite forums and for your games, you DESERVE to be hacked.
Respect, walk
Are you talkin' to me? Are you talkin' to me?
- PANTERA at HELLFEST 2023
I've used the email address in question with this password one other time in two years, I realize that maybe it wasn't the best idea in the world but I certainly don't think it grounds to dismiss my concerns.
I do not have accounts with any other gaming sites, only MMORPG.com.
I don't think I "DESERVED" to get hacked and I'm not looking for a pitty party. I'm simply pointing out a very obvious connection that should be looked into.
People on this site are pretty vicious
I'm sorry to hear your account was hacked. We did have a string of security issues the last one being in late 2010 that resulted in some of our user email addresses being stolen. This is most likely how your email address was obtained. We have not heard reports since then of people's accounts being compromised and keep a sharp eye on the security of our infrastructure.
- MMORPG.COM Staff -
[mod edit]
For your edification, in order to provide adequate system security, all you need do is schedule a virus scan of your hard drive once a month at most, even a free online scan service will suffice. Combine this with regular system updates and the addition of an up to date script blocker for your browser of choice and this will provide all the data security an average user will ever need. If you are behind a router as are most users nowadays, you are even more secure.
However, if you regularly download pirate software from illegal sources and visit sites offering the same, you will need a little more protection, but not much more, perhaps the addition of a package to protect from malware set to scan once a week. If you feel happier about your computers security paying yearly license fees for virus software, by all means feel free. On the other hand, assuming you use an modern MS OS, Microsoft security Essentials is more than adequate and it is free.
[mod edit]
My Colour Is Vomit green, I puke on the tards with stupid colour sigs. My symbol is ,,!, O ,!,, My enemies are any prat with a colour sig, a meaningless personality test, or a pointless list of games and classes.
Regards Hexcaliber
This can be somewhat infeasible , take myself I am a member of at least 70 forums , have accounts to 10+ MMO & then you have things like Steam -youtube-skype I could go on & on so there is know what I could have 100+ different password it would drive me insane
PS - OP I got the same Email - of course I just deleted it as I have nothing to do with Anet
''/\/\'' Posted using Iphone bunni
( o.o)
(")(")
**This bunny was cloned from bunnies belonging to Gobla and is part of the Quizzical Fanclub and the The Marvelously Meowhead Fan Club**
oh shit really? thanks i don't use the same password
You brag about your expertise (allthough obviously lying), then do a noobish thing like that. Yes, you deserved it.
"True friends stab you in the front." | Oscar Wilde
"I need to finish" - Christian Wolff: The Accountant
Just trying to live long enough to play a new, released MMORPG, playing New Worlds atm
Fools find no pleasure in understanding but delight in airing their own opinions. Pvbs 18:2, NIV
Don't just play games, inhabit virtual worlds™
"This is the most intelligent, well qualified and articulate response to a post I have ever seen on these forums. It's a shame most people here won't have the attention span to read past the second line." - Anon
made me smile
EQ2 fan sites
I'm not vicious at all. If you use the same emails/passwords for random forums and for your games, you make it easier for hackers. A "CISSP certified, Director of Information Technology" should know this I think.
I'm just a software engineer playing video games for like 30+ years and online games for like 20 years, and who NEVER got hacked... ;-)
Respect, walk
Are you talkin' to me? Are you talkin' to me?
- PANTERA at HELLFEST 2023
I find your reply fairly amusing and really unnecessary. I gain nothing by creating a "story" and my post was submitted on the public forums to inform both the mods as well as other players.
Considering that I use a specific email address only for gaming and had not used that password for in conjunction with it on any fan sites except this one over two years ago. I do not see any reason why that would discredit me. I also do not download any pirated software as you seem to incinuate.
If you think my post is BS then why even take the time to reply to it.
I happened to use a password that I hadn't used in over two years with a particular game. Mind you I play many MMO's and do not carry the same password across them. I recycle a password used on one website over two years ago (without realizing) and suddenly all of my credibility is out the window?
I'm having trouble understanding why people would attack me and claim I'm lying when I'm simply trying to infom people that these types of hacks are real and can happen to anyone. At the same time, I decided to point out a very suspicious coincedence which I discovered regarding this website which was actually verfied by a MMORPG.com employee in this thread.
Maybe I should have left out my credentials, didn't realize how angry people would get about a post from someone with an actual career.
I simply put that info in to demonstrate that 1) this can happen to anyone and 2) that I don't need a lecture about user account security. Some may disagree on point 2 but to completey discredit me and the hard work I've put into my career seems unneceassry
This can be somewhat infeasible , take myself I am a member of at least 70 forums , have accounts to 10+ MMO & then you have things like Steam -youtube-skype I could go on & on so there is know what I could have 100+ different password it would drive me insane
You can use the same password for all the crappy forums. Just don't use that password for anything important as well.
That's my setup. One password for all the websites and forums and other such unimportant crap; and then separate unique passwords for everything important. Separate email addresses also (I have a domain name registered so I can use as many addresses as I like at that domain).
Probably because its GW2 post it in TOR forums and then you would've been popular, either way i think it's Anet but thats me I had a GW1 acct that i play GW2 beta with and it got hacked on release day, yes i got the emails i just deleted them but got curious checked my GW1 acct and yeap it was stolen but i don't care i haven't played gw1 in forever and i only used that password for GW1. The only thing it did was make me wait to buy GW2 until all this dies down and Anet gets a hold of the situation.
Ignore the people I doubt it was MMORPG.com unless it was 2010 they got your info but i find it more likely Anet has a hole its possible it happens to alot of companies good and bad its not impossible people nd NO ONE deserves to get hacked except the people who say it. If anyone is to blame its the hackers.
Yes! Nerds with huge sharp pointy teethe!
Death is nothing to us, since when we are, Death has not come, and when death has come, we are not.
There's another place your email address would be recorded - in the GW2 database. Given the massive number of other compromised account reports I'm seeing, I can only suggest this is the more likely cause of your GW2 account being compromised. But that only leaves a couple of possibilities, the GW2 DB has a security hole, a backdoor, or someone is working on the inside to distribute brute-force crack-attack hashes and usernames. Or somesuch scenario as these.
Less likely that the umpteen accounts being compromised came from mined email/brute-force combo attacks.
/O
Thanks to anyone who didn't bash me. Honestly, I discovered a possible account issue related to this website and just wanted to inform my fellow MMO players
If I came across as a dick for including my credentials, I do apologize. I never intended to offend anyone, just wanted those parties interested to know that I have some sort of credibility in the field of IT security and support.