Author Message

ghostcannon

Rank 5
ghostcannon
Joined
18 Jun 2009
Posts
3838
Location
Ghostown United States
PostedJul 25, 2012 10:06 am
ghost107 wrote:
Superman0X wrote:
MeiuAngel wrote:
This thread is old. From March. I'm not entirely sure who necroed it or why, as there hasn't been a recurrence of the issue o-o  


The account/pw/email list was made public this week.  

In my opinion password is not a problem(they said the have the password encrypted), but the most difficult problem is the Email, since you can receive spam on your email with this.  


Regardless if passwords were encrypted or not, it is always recommended to change passwords in a regular basis using strong-passwords at least 8-Characters long with Combination of Upper Case-Lower Case letters, Numbers, and non-Alpha Numeric chars such as @#!$%& etc. Just like you can encrypt something, there tools out there for decryption as well Smile. Always play safe, never be in doubt!.

Credit to [GS]Abso for the Siggy
Advertisement

Shalghar

Rank 1
Shalghar
Joined
24 Apr 2012
Posts
375
Location
Germany
PostedJul 25, 2012 10:28 am

Re: Gamigo Account system intrusion

Superman0X wrote:
It appears that Gamigo has "detected an illegal intrusion into [its] gamigo account system." They are still working on the details... but this is a warning that if you have used the same username/password combination on Gamigo anywhere else... now is the time to change it.

News Link

--Update--
It looks like things have not gone well. You can find more details here.

Update 23 July 12

http://massively.joystiq.com/2012/07/23/eight-million-gamigo-user-accounts-compromised/  


Except the information on about how many accounts have been compromised, nothing new in that "news". As one of those concerned i never trusted gamigos own press releases and decided very early to go for several password changes.
One of the sites that reroll these "news" clearly shows what triggered this old storys revival: a new press release from gamigo, saying that after another verification of some sort after that site claimed to have the complete stolen data "nothing new" could be found.

Concerned players knew from the start, that they could not trust the (quite delayed - up to three weeks after the incident) warnings, had to change their passwords and that nothing in the databases stolen really was encrypted better than with MD5 in contradiction to what gamigo promised after the big hacker attack that messed up la lot of ingame accounts one year before.
Startup problems of the new gamigo account system which made it impossible to actually change your password again (first by software bug then by unavailability because every gamigo player tried to login) after a total automated pw change was also not so funny then.

So not really "news". Been there, wasn´t fun at all, not so nice to be remembered, but still nothing new.

Anyone else to exhume older history ?
I will be very polite and not say if i believe anyone will have learned from incidents like that - and that´s not adressed to players.

ghost107

Rank 3
ghost107
Joined
03 Oct 2007
Posts
950
Location
Spirit Realm, Romania
PostedJul 25, 2012 5:56 pm
ghostcannon wrote:
Just like you can encrypt something, there tools out there for decryption as well Smile. Always play safe, never be in doubt!.  


If they used md5 hashing or combined with other one way encryption, I can ensure you it will be nearly impossible to crack it.

For md5 there are rainbow talbles(databases with md5 passwords, but not the full database, 1.2million hashes in what I remember, but the rest are mising), but combined with other one way encryption's(like MD5, Base64, SHA512, SHA1) this will be nearly impossible to crack.

Golemslord

Rank 0
Joined
17 May 2008
Posts
3
Location
Vancouver Canada
PostedJul 25, 2012 9:05 pm

help any gms...

yesterday i transferred my ijji account to aeriagames along with 4
other accounts i have. And today when i logged on, they are all
banned???!?! says i violated terms of service when i try to reset password. I read the terms of service and i did not violate anything. My username starts with gundam or golemslord which is not offensve right?...

Shalghar

Rank 1
Shalghar
Joined
24 Apr 2012
Posts
375
Location
Germany
PostedJul 26, 2012 10:05 am
ghost107 wrote:
ghostcannon wrote:
Just like you can encrypt something, there tools out there for decryption as well Smile. Always play safe, never be in doubt!.  


If they used md5 hashing or combined with other one way encryption, I can ensure you it will be nearly impossible to crack it.

For md5 there are rainbow talbles(databases with md5 passwords, but not the full database, 1.2million hashes in what I remember, but the rest are mising), but combined with other one way encryption's(like MD5, Base64, SHA512, SHA1) this will be nearly impossible to crack.  


The problem is: nothing more than MD5 was used, in most cases plain text entries of passwords undergoing the database change to MD5 were not deleted but still resident.

Still, that "news" is not so new. I believe the stolen data will cough up every now and then, this was such a time.
Gamigo officials state again that every measure has been taken and security has been improved, just like they did after the last two successful attacks.

valeman2

Rank 3
valeman2
Joined
16 Mar 2008
Posts
990
Location
San Francisco ,Evans + 4th United States
PostedJul 26, 2012 11:38 pm
Gamingo Security is Wood base ?

They are more likely target easy to get pass gamecompany(Gamgio/Blizzard/EAGames) to harder gamecompany security (Which is aeriagames)

ASF Corporal Valeman2 SUPPORT DOUBLE EXP/SP Improvement Plan x2 EXP/SP Weekends 3 times every week and every month http://www.aeriagames.com/forums/en/viewtopic.php?t=2119617

shang73

Rank 0
shang73
Joined
11 Oct 2009
Posts
64
Location
Bangalore India
PostedJul 28, 2012 5:34 am
ewe

-----COMING SOON------ DAKHPHAM
Display posts from previous:   Sort by: