EQ2 Forum Archive @ EQ2Wire - View Single Post

bleap · 03-19-2008, 08:52 PM

StormCinder wrote:

bleap wrote:
StormCinder wrote:
Umee wrote:
It's not just SOE, there are news articles out there (and a few of them are linked from these forums) that all this hacking has happened across the board with MMORPGs. Posts have been made that SOE is aware of the issue (see: Community News forum). It's an awful thing. I truly feel sorry for those who thought they were safe (this means, not those who've shared their information). I always use a different password solely for my Station account (or whatever other game I'm playing) than anything else. I have several I cycle through for forum passwords. I run spy-ware detectors, anti-virus scans, and update my drivers and such regularly.I have faith that SOE is doing what they can. This is a serious matter and is likely hogging a lot of resources until it's all figured out. It's easy to blame them, as many effected do play SOE games, but also please remember that this is effecting many other MMORPGs out there not run by SOE.Also, I see people listing sites they've visited during the time they've been hacked. It's great that this community can work together to help pinpoint issues like this. However, waggling fingers at other sites without proof that they have keyloggers is not a healthy thing. I ask with Halfling pleas to not blame other sites without proof
And I would have to agree with the previous poster that pointed out the unliklihood that these hacks are taking the time to pull the information from hundreds/thousands of individual client machines, when it is always much more economical to hack the back end machines. I know it's affecting other games, but it appears more likely that the information was pulled wholesale from the back end rather than the front end.
Credit Card hackers almost always pull from the corporate db where millions of customers' information is stored, rather than keylogging into each and every CC reader at each register. Blaming the users before confirming that the data warehouses have not been hacked is irresponsible.
SC
This would imply that someone hacked SOE and retrieved the data base of customer info....If that's the case then why would SOE have posted the MOTD from yesterday asking anyone who shared their account info to change it...Shouldn't they be telling EVERYONE to change it? I agree that the information probably did come from SOE but wouldn't it be more responsible to admit it and ask everyone to change their passwords? Sure it would be another scandal among other recent ones, but if it's true they were hacked and it gets out to the public, they will lose all credibility and trust....If someone can hack the login/password DB who's to say the credit card DB hasn't been compromised. I believe they are legally obligated to notify their subscribers that use credit cards if that information is lost, stolen or destroyed...
Yes, it would.
I didn't say that they knew they were hacked and are trying to act like they weren't. I'm just saying that it might be a tad premature for SOE to point the finger at the clients before they know they were NOT hacked. And yes, I am reading the CMs posting above that states that since other games were hacked as well, then it's not SOEs fault. If SOE was hacked, then it IS their fault.
And I believe that it is more likely that a central source of userid/pw was hacked rather than sending out thousands of keyloggers, as so many have stated. It may not be SOE. It could be any number of sites that have this information.
The biggest net security faux pas I've seen people commit time and again: registering to be a member of site X. In the sign-up process they are required to include an email address. Then they are asked to submit a username/password. Many MANY people use the same password for multiple sites. So it's not a huge leap to take the email address and password provided in the registration process and access a person's email.
Now, if you're a site that is focused on a certain niche of people...say MMORPG players...some kind of fan site, or centralized info site...and that site gets hacked for it's username/pws. There have been several DoS attacks recently on several of the more popular sites that span any number of games. DoS attacks are often one part of an attack that often includes gaining access to secure portions of websites.
Until this gets resolved, I am changing my password frequently...daily if possible.
SC

I cannot for the life of me think of one valid reason SOE would share this information with anyone...But if you can please enlighten us. If I found out that SOE was selling this information or using it in any manner other than to manage my gaming experience I would cancel my account and the account of my wife right away...no one else has this information....period...I don't use it for any other game or fan site...

03-19-2008, 08:52 PM	#69
bleap Loremaster Join Date: Sep 2006 Posts: 582	StormCinder wrote: bleap wrote: StormCinder wrote: Umee wrote: It's not just SOE, there are news articles out there (and a few of them are linked from these forums) that all this hacking has happened across the board with MMORPGs. Posts have been made that SOE is aware of the issue (see: Community News forum). It's an awful thing. I truly feel sorry for those who thought they were safe (this means, not those who've shared their information). I always use a different password solely for my Station account (or whatever other game I'm playing) than anything else. I have several I cycle through for forum passwords. I run spy-ware detectors, anti-virus scans, and update my drivers and such regularly.I have faith that SOE is doing what they can. This is a serious matter and is likely hogging a lot of resources until it's all figured out. It's easy to blame them, as many effected do play SOE games, but also please remember that this is effecting many other MMORPGs out there not run by SOE.Also, I see people listing sites they've visited during the time they've been hacked. It's great that this community can work together to help pinpoint issues like this. However, waggling fingers at other sites without proof that they have keyloggers is not a healthy thing. I ask with Halfling pleas to not blame other sites without proof And I would have to agree with the previous poster that pointed out the unliklihood that these hacks are taking the time to pull the information from hundreds/thousands of individual client machines, when it is always much more economical to hack the back end machines. I know it's affecting other games, but it appears more likely that the information was pulled wholesale from the back end rather than the front end. Credit Card hackers almost always pull from the corporate db where millions of customers' information is stored, rather than keylogging into each and every CC reader at each register. Blaming the users before confirming that the data warehouses have not been hacked is irresponsible. SC This would imply that someone hacked SOE and retrieved the data base of customer info....If that's the case then why would SOE have posted the MOTD from yesterday asking anyone who shared their account info to change it...Shouldn't they be telling EVERYONE to change it? I agree that the information probably did come from SOE but wouldn't it be more responsible to admit it and ask everyone to change their passwords? Sure it would be another scandal among other recent ones, but if it's true they were hacked and it gets out to the public, they will lose all credibility and trust....If someone can hack the login/password DB who's to say the credit card DB hasn't been compromised. I believe they are legally obligated to notify their subscribers that use credit cards if that information is lost, stolen or destroyed... Yes, it would. I didn't say that they knew they were hacked and are trying to act like they weren't. I'm just saying that it might be a tad premature for SOE to point the finger at the clients before they know they were NOT hacked. And yes, I am reading the CMs posting above that states that since other games were hacked as well, then it's not SOEs fault. If SOE was hacked, then it IS their fault. And I believe that it is more likely that a central source of userid/pw was hacked rather than sending out thousands of keyloggers, as so many have stated. It may not be SOE. It could be any number of sites that have this information. The biggest net security faux pas I've seen people commit time and again: registering to be a member of site X. In the sign-up process they are required to include an email address. Then they are asked to submit a username/password. Many MANY people use the same password for multiple sites. So it's not a huge leap to take the email address and password provided in the registration process and access a person's email. Now, if you're a site that is focused on a certain niche of people...say MMORPG players...some kind of fan site, or centralized info site...and that site gets hacked for it's username/pws. There have been several DoS attacks recently on several of the more popular sites that span any number of games. DoS attacks are often one part of an attack that often includes gaining access to secure portions of websites. Until this gets resolved, I am changing my password frequently...daily if possible. SC I cannot for the life of me think of one valid reason SOE would share this information with anyone...But if you can please enlighten us. If I found out that SOE was selling this information or using it in any manner other than to manage my gaming experience I would cancel my account and the account of my wife right away...no one else has this information....period...I don't use it for any other game or fan site...