Potential User Data Breach
" Yeah, that's what I'm worried about. GGG is big enough to be a target now (and was probably a target ever since sometime after 2.0), but especially a target now that they're launching an XBox version of PoE. We can't change the past, and it's pointless trying to place granular blame among GGG, but hopefully they've learned from this that they should have at least one full-time cyber security employee performing some sort of regular intrusion detection, researching threats, and responding to attacks. But GGG does have one big advantage: now that they're a target, they're small enough to maneuver and protect themselves quickly. Big companies and organizations struggle to make such a drastic change. ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▒▒▒▒░░░░░ cipher_nemo ░░░░░▒▒▒▒ │ Waggro Level: ♠○○○○ │ 1244 ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ |
|
I keep getting a lot more spam mails since last week (2-3 on a daily basis), that also use my former address to make them look legit.
It is very likely that the data stored on the servers is being used to do this.
Some things are so powerful that one glance burns them into your mind forever!
Come let us gaze on nothingness. |
|
Well.... Blizzard Hack confirmed! Capitalism at its best, Blizz lacks the Quality in Games, especially shooting the Diablo Franchise to Pieces.... and then, they contact the CIA for hacking GGG, the only Way to get rid of the Success Path of Exile has!
People resist! GGG is the best Example for a F2P Game, growing up and getting famous because of a fair F2P System and ...that is important, for the Quality of this Game and the continued development! No serious Haxxor or hacking Community would ever attack your Company! Maybe someone, who played 24/7 since closed Beta and never found a Mirror of Kalandra, but no Freelancer or a serious Crowd.
Casuals have eaten my Hobby
| |
On a similar note:
http://gizmodo.com/lastpass-exploit-shows-that-last-password-you-made-prob-1793750568
Elder Shaper of Play-Doh
| |
" GGG really isn't a small company and it doesn't rely on donations. |
|
" ^that :D I wanted to remind people too, that Chris works in software security | |
" Nice ones :) I really like Computer- and Numberphile :) very good work there | |
[Removed]
Last edited by Razgarnok on Feb 16, 2021, 7:24:32 PM
| |
I didn't go through all comments to check whether someone already explained what "salted and hashed" means, but if your password has decent length and isn't something super generic like "password123" then you're probably fine.
Alright, so a short explanation. For reasons like this breach, your password is almost never stored as plaintext in the database. Instead, a hash is stored. A hash is a sort of encryption which goes only one way. A hash function (used to compute a hash) has a few properties; the most relevant in this case is that from the hash you cannot feasibly derive the original input. When you try to log in and enter your password, what happens is that the server hashes your password and checks whether the computed hash is the same as the hash stored in the database (so in a way, GGG also doesn't know your password).
Now the "salted" part. When a lot of hashed passwords leak, say millions, there is an attack a hacker can use to get access to at least some accounts. This attack goes as follows: enter a password into the hash function and check whether the hash is somewhere in the list of hashes you stole. As long as you stole enough hashes this will usually give you access to at least a few accounts (at least the ones with passwords like "password123"). To prevent this attack you use salts. Salts are usually simple words; each user gets a unique one and this gets attached to his password before it is hashed. Because of this countermeasure the aforementioned attack is no longer possible.
(Google salted hash for a more thorough explanation. I feel like I should rewrite parts for clarity but don't feel like doing so :))
Hope this helped. | |
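The login check and per-user salting described in the post above, as an added example that is not part of the original thread and not GGG's code. It assumes random 16-byte salts from `os.urandom` and PBKDF2-HMAC-SHA256 with an arbitrary iteration count; the thread does not say what GGG uses, and the accounts are constructed sample data.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this example only


def unsalted_hash(password: str) -> str:
    """Plain SHA-256: the same password gives the same digest for every user."""
    return hashlib.sha256(password.encode()).hexdigest()


def make_record(password: str) -> dict:
    """What the server stores: a random per-user salt and the salted, stretched hash."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "hash": digest}


def verify(password: str, record: dict) -> bool:
    """Login check: re-hash the submitted password with the stored salt, then compare."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), record["salt"], ITERATIONS
    )
    return hmac.compare_digest(candidate, record["hash"])  # constant-time compare


def accounts_sharing_a_hash(hashes: dict) -> int:
    """Count accounts whose stored hash also appears on another account."""
    values = list(hashes.values())
    return sum(1 for v in values if values.count(v) > 1)


# Constructed sample accounts (not real data): two users chose the same password.
USERS = {"alice": "password123", "bob": "password123", "carol": "x7#Lq9!vTz-unique"}


def demo() -> dict:
    unsalted = {u: unsalted_hash(p) for u, p in USERS.items()}
    salted = {u: make_record(p) for u, p in USERS.items()}
    return {
        "unsalted_shared": accounts_sharing_a_hash(unsalted),
        "salted_shared": accounts_sharing_a_hash({u: r["hash"] for u, r in salted.items()}),
        "login_ok": verify("password123", salted["alice"]),
        "login_bad": verify("password124", salted["alice"]),
    }


if __name__ == "__main__":
    print(demo())
```

Without salts the two accounts with the same password share one stored digest, so a leaked table shows which users picked the same password; with per-user salts every stored hash differs and each account has to be checked separately.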
I'm going to need some free "wings of Security" to feel safe continuing to play and spend money with GGG.
|
|