It wasn’t.
Continue reading “PSA: Actually The Steam Database Wasn’t Leaked”
Tag: Hacked
Mortal Online Hit By Another Hack
Star Vault is assuring players that payment data has not been stolen in what appears to be a breach of Mortal Online’s servers. Servers for the MMO were shut down after players noticed alterations to in-game menus, text changes, and strange dialogue shouted by town crier NPCs. The website is down as of this writing, however Star Vault has acknowledged the breach via their Facebook page.
As we use Global Collect as our primary payment processor, they would need to have been breached for any payment information. They have not been, so there is no need to worry about your payment information. This information is not stored on Star Vault servers so you won’t need to worry about that.
There are unverified reports of the attacker being able to ban and unban accounts. You can see some images from in-game at the link below, they contain heavily offensive language.
Blizzard Servers Breached
Grab your authenticators and rev up the conspiracy machine. With all the server breaches that have happened over the past year or so, it seemed inevitable that Blizzard would eventually be the victim of such an attack. A security notice on Battle.net has been posting warning users that a security breach has resulted in delicate information being released.
According to the notice, encrypted passwords, security questions, email addresses, and mobile authenticator information was stolen in the breach. Mike Mohaime points out that the information leaked is not enough to recover an account, however users over the next few days will be forced to change their secret questions and mobile authenticator users will be required to update to a new version of the software.
All in all the breach was bad, but as several sites are pointing out, it could have been much worse.
(source: WoW Insider)
Phantasy Star Online 2 Hacked, NPCs Moved
Phantasy Star Online 2 was released recently in Japan, and comes to the west in early 2013, and the hackers have already started taking control. This week players managed to hack into the MMO and played a prank by moving NPCs around and out of reach of gamers. Sega claims that they are investigating the hack and that no data was leaked in the process.
Phantasy Star Online has always had problems with security holes, from the original which could be hacked with Gameshark, to rampant item duping and other hacks. Unlike real MMOs, Phantasy Star Online runs many operations client-side, offering a major opportunity for players to make alterations with the way their client connects with the server. The NPC glitch above has reportedly been in the game since the beta first launched.
(Source: Kotaku)
Cryptic Studios Was Hacked…In 2010…
In case there is any confusion, you are indeed reading an article posted on April 25th, 2012, for an announcement that was posted on April 25th of the same year. Cryptic Studios has announced via their corporate website that an unknown user gained unauthorized access to their servers in December 2010, analysis of which has only just come back recently.
The unauthorized access included user account names, handles, and encrypted passwords for those accounts. Even though the passwords were encrypted, it is apparent that the intruder has been able to crack some portion of the passwords in this database. All accounts that we believe were present in the database have had the passwords reset, and customers registered to these accounts have been notified via e-mail of this incident.
If you have a Star Trek Online or Champions Online account dating back to December 2010, it is strongly suggested that you secure any other accounts that share the same email address/username/password.
(Source: Cryptic Studios)
Mortal Online Wasn't Hacked
Here at MMO Fallout, I’ve developed a pet peeve over the distinct difference between being hacked and having an account breached. Hacking requires some amount of technical prowess to accomplish, such as exploiting a vulnerability in an sql database to retrieve a list of passwords, or in the case of NCSoft back a couple of years, using an exploit in the client to log into a random person’s character and steal their items. When someone breaches an account by way of keylogger, guessing the password, or having access to an account with higher privileges, the account was compromised, not hacked.
In the case of Mortal Online, yesterday a player obtained access to a GM account and went wild on the server, deleting structures and altering some player’s accounts. It’s important to note that the person was not able to access payment details, and apparently the extent of the damage was destroyed assets, some players had their passwords changed, and some players were banned.
So Star Vault, as they announced, had a “security breach,” but the company was not hacked as some outlets are reporting. I just want to reinforce this difference because with the recent hacking at Steam, Square, Sony, etc, the announcement that a company has been hacked is just another fear of one’s credit details being stolen.
The more you know.
(Source: Star Vault)
Mortal Online Wasn’t Hacked
Here at MMO Fallout, I’ve developed a pet peeve over the distinct difference between being hacked and having an account breached. Hacking requires some amount of technical prowess to accomplish, such as exploiting a vulnerability in an sql database to retrieve a list of passwords, or in the case of NCSoft back a couple of years, using an exploit in the client to log into a random person’s character and steal their items. When someone breaches an account by way of keylogger, guessing the password, or having access to an account with higher privileges, the account was compromised, not hacked.
In the case of Mortal Online, yesterday a player obtained access to a GM account and went wild on the server, deleting structures and altering some player’s accounts. It’s important to note that the person was not able to access payment details, and apparently the extent of the damage was destroyed assets, some players had their passwords changed, and some players were banned.
So Star Vault, as they announced, had a “security breach,” but the company was not hacked as some outlets are reporting. I just want to reinforce this difference because with the recent hacking at Steam, Square, Sony, etc, the announcement that a company has been hacked is just another fear of one’s credit details being stolen.
The more you know.
(Source: Star Vault)
Trion Hacked: Details Still Sparse
Is anyone else getting tired of hearing every month of new developers being hacked? Trion announced today that their servers have been breached, and a database including usernames, encrypted passwords, birth dates, email addresses, billing addresses, and the first and last four numbers of associated credit cards was accessed.
There is no evidence, and we have no reason to believe, that full credit card information was accessed or compromised in any way. We have already taken further action to strengthen our systems, even as we, with external security experts, continue to research the extent of the unauthorized access.
Head over to Trion’s website to read the whole announcement and for more information. Users are required to change their passwords, reset their security locks, and choose new security questions. Those who follow these steps will receive three free days added to their account, regardless of whether or not they are currently subscribed.
(Source: Announcement)
Square Enix Members Hacked:
[Update] Square Enix has confirmed that no member information was stolen.
As a result of our continuing investigation, we have now confirmed that the database in which we store personal information was NOT accessed during the recent server intrusion. Therefore, your personal information was NOT compromised by an unknown third party.
Square-Enix is planning to restart the Square Enix Members service by the end of December. Details of the schedule will be announced at a later date.
We deeply regret any inconvenience this may have caused our customers and fans, and appreciate your patience.
Square Enix has taken down its Members service while it investigates a security breach, in order to assess just what may have been taken and what damage has been done. In a message posted on the website, Square confirms that while usernames and passwords may have been taken, “there is no possibility of any credit card leak from this incident, since the server in question stores no credit card information.”
We have reason to believe that unknown parties may have gained unauthorized access to a particular Square Enix server related to the free SQUARE ENIX MEMBERS service offered in North America and Japan. In response, Square Enix, Inc. has temporarily suspended operation of the SQUARE ENIX MEMBERS service starting at 10PM (PST) on December 12, 2011.
There is no information at this time that Final Fantasy XI and Final Fantasy XIV players have anything to worry about, although I would still recommend changing your passwords on your respective games.
Turbine: Change Your Passwords
Number one question coming into MMO Fallout over the past few days: Has username and password information been stolen from Turbine’s forums? The answer, until something official can be confirmed, should be taken as a probably. While not confirming that any data was stolen, Turbine posted a news bulletin of the forum maintenance with the added note that polayers should change their passwords.
As an additional precaution we recommend that all players change their passwords by visiting http://myaccount.turbine.com. Please remember to use unique, hard-to guess passwords that are not associated with other online services or sites, and always look for and report unusual activity in your account to Turbine customer support.
I recommend changing your password proactively.
MMO Fallout 
