PSA: A CHANGE OF PASSWORDS IS RECOMMENDED (AND NOT JUST HERE)

terrifiedkiller
Soul Shriven
http://money.cnn.com/2014/08/05/technology/security/russian-hackers-theft/index.html?hpt=hp_t1

In short, I'd recommend changing your passwords out of an abundance of caution in the event that the said website was one of those that have been hit. For those unaware, there have been a whopping 1.2 billion user credentials stolen across various unnamed websites. I find it unlikely for ESO to be affected, but I'd still change it to be safe.
  • DenverRalphy
    Especially for those who recycle passwords.
  • NorthernFury
    Good advice.

    Also, hypothetically speaking of course, it might be good to slightly alter any biographical data required when registering something online, such as a game user account. Just make sure you can remember what you submitted in case you need to contact support. Hypothetically.

    Skadi Storm-Blade - VR14 Altmer Sorcerer
    Brynnhild Valkyrja - VR12 Nord DragonKnight
    Haakon Hardrada - VR12 Nord Templar
    Sanguine's Tester (retired)

    Cattle die
    kinsmen die
    all men are mortal.
    Words of praise
    will never perish
    nor a noble name.

    - The Havamal
  • theyancey
    It won't help until the hacked sites are fixed. Your new passwords would just be stolen. Here is some good non-panic-inducing info: http://www.komando.com/happening-now/265763/russian-gang-stole-more-than-1-billion-names-and-passwords/all
  • S1L3NTKiLLaH
    "Holden said the gang makes its money by sending out spam for bogus products like weight-loss pills. That means that if you see strange messages being sent from your email or social media accounts, you might be among those affected."

    My Reaction: "I already get junk mail."
  • Sharp
    password_strength.png
    Halfheart - VR 12 Altmer Sorcerer
  • Nestor
    For a while now, I have had different user names and passwords for websites. It's not enough to just have different passwords anymore.
    Enjoy the game, life is what you really want to be worried about.

    PakKat "Everything was going well, until I died"
    Gary Gravestink "I am glad you died, I needed the help"

  • TheBull
    1.2 billion is a lot...
  • NorthernFury
    TheBull wrote: »
    1.2 billion is a lot...

    The scary part to me is that they can plug all of these stolen passwords into a 'golden dictionary' tool and use it to break other encryption.

    Skadi Storm-Blade - VR14 Altmer Sorcerer
    Brynnhild Valkyrja - VR12 Nord DragonKnight
    Haakon Hardrada - VR12 Nord Templar
    Sanguine's Tester (retired)

    Cattle die
    kinsmen die
    all men are mortal.
    Words of praise
    will never perish
    nor a noble name.

    - The Havamal
  • nerevarine1138
    Sharp wrote: »
    password_strength.png

    Love that comic so much.

    By the way guys, the moral here isn't so much to have different passwords for things (although that's important). It's to have a different e-mail address for different kinds of accounts. I have one e-mail address for MMOs. I do not use that e-mail for anything else, so there's no way I was affected by this data breach. Same thing with online retailers. I do not use my personal e-mail address, let alone my password for any kind of commercial transaction.

    Keep it secret. Keep it safe.
    ----
    Murray?
  • TehMagnus
    TheBull wrote: »
    1.2 billion is a lot...

    The scary part to me is that they can plug all of these stolen passwords into a 'golden dictionary' tool and use it to break other encryption.

    Mmmm no, they can't... Most sites (that weren't coded 10 years ago) are protected against dictionary or bruteforce attacks (max login attempts).

    The SQL injection methods are just about understanding how SQL works, how the forms are done and how to use it to your advantage, the "passwords" they speak of are just the passwords you use to login to the website, not encryption keys.

    As for encryption, passwords are not used to read encrypted files, keys are (long series of bits)...

    That gang has probably just been exploiting 0 day vulnerabilities & SQL injection vulnerable forms to get access to the databases of the hacked websites whose devs were *** enough to have passwords unencrypted in their databases or with weak encryptions...

    But you can be as scared about the fact they have been exploiting a vulnerability long enough to get that much juice out of it without anybody noticing or any security experts finding out about the 0day vulnerability, you can be scared that many major companies still haven't taken the appropriate security measures to protect the data from their customers. Most dictatorships & superpowers are investing more & more money to back & hire such individuals to do their dirty job on the web, giving them the means & tools to wreak havoc as well as protection for their mischiefs as long as they continue to do the gov's dirty work.
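Added example, not part of any post in this thread: a side-by-side of the "weak" password storage mentioned above and a salted, slow alternative, showing why a leaked table of unsalted hashes exposes password reuse while a salted one does not. The account names, passwords and the `ITERATIONS` value are constructed for illustration, and PBKDF2 is used here only because it ships in Python's standard library.

```python
import hashlib
import hmac
import os

# Constructed sample accounts: alice and bob reuse one password.
USERS = {"alice": "Password123", "bob": "Password123", "carol": "x7#Qm!92vLp"}
ITERATIONS = 100_000  # assumed work factor for this demo; tune upward in production


def weak_store(password):
    """Unsalted, fast hash: equal passwords always give equal rows."""
    return hashlib.sha256(password.encode()).hexdigest()


def strong_store(password):
    """Per-user random salt plus a deliberately slow KDF (PBKDF2-HMAC-SHA256)."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, ITERATIONS, key


def verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, key = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, key)


def shared_rows(table):
    """Return groups of users whose stored values are identical."""
    groups = {}
    for user, stored in table.items():
        groups.setdefault(stored, []).append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


def audit():
    """Store USERS both ways and report which rows collide in each table."""
    weak = {u: weak_store(p) for u, p in USERS.items()}
    strong = {u: strong_store(p) for u, p in USERS.items()}
    strong_keys = {u: rec[2] for u, rec in strong.items()}
    return shared_rows(weak), shared_rows(strong_keys), strong


if __name__ == "__main__":
    weak_groups, strong_groups, _ = audit()
    print("unsalted collisions:", weak_groups)
    print("salted collisions:  ", strong_groups)
```

With the unsalted table, one recovered password unlocks every account sharing that row; with per-user salts each row has to be worked on separately, and the iteration count makes each guess expensive.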
  • Loligo
    I use PWSafe (open source, multi-platform - look on sourceforge, iTunes, Google Store, etc.) and have it generate strong, random passwords.

    Consequently, even if some scumbag got one of my bizarro passwords, they wouldn't get far because every site I use has a different password.

    Don't like PWSafe? There are plenty of similar tools out there.
  • DenverRalphy
    Loligo wrote: »
    I use PWSafe (open source, multi-platform - look on sourceforge, iTunes, Google Store, etc.) and have it generate strong, random passwords.

    Consequently, even if some scumbag got one of my bizarro passwords, they wouldn't get far because every site I use has a different password.

    Don't like PWSafe? There are plenty of similar tools out there.
    +1

    I use Safe In Cloud myself. I don't know that I could go a day without a PW manager. I have hundreds of passwords to keep track of.
  • TehMagnus
    Password managers are only as weak as your computer and computers are even easier to hack nowadays than servers.

    Those tools are good for this kind of problem where random databases are hacked and the pass you got in them is stolen. If someone is targeting you personally, a password manager will sadly just make the job easier for the hacker. I just use the same password for unimportant websites and strong passwords for email & important stuff (usually passwords I was given & learnt in closed work spaces so that they can't be found by knowing stuff about me).
  • Tabbycat
    Consider how many people use Password for their password. How many others use Password123 and it probably accounts for the majority of accounts stolen.
    Edited by Tabbycat on August 7, 2014 11:29AM
    Founder and Co-GM of The Psijic Order Guild (NA)
    0.016%
  • rsciw
    Tabbycat wrote: »
    Consider how many people use Password for their password. How many others use Password123 and it probably accounts for the majority of accounts stolen.

    Relevant:
    http://www.networkworld.com/article/2226175/microsoft-subnet/top-25-most-commonly-used-and-worst-passwords-of-2013.html
  • Tabbycat
    rsciw wrote: »
    Tabbycat wrote: »
    Consider how many people use Password for their password. How many others use Password123 and it probably accounts for the majority of accounts stolen.

    Relevant:
    http://www.networkworld.com/article/2226175/microsoft-subnet/top-25-most-commonly-used-and-worst-passwords-of-2013.html

    Happily, none of my passwords are on that list. :p

    https://www.grc.com/haystack.htm
    Edited by Tabbycat on August 7, 2014 1:37PM
    Founder and Co-GM of The Psijic Order Guild (NA)
    0.016%
  • pahajuju
    If there had been such a large incident we would have gotten some more details. And the major sites, like paypal, amazon, ebay etc would have done something immediately.
    I personally think it's a marketing ploy from the company that announced the news.

    But we'll see.
    EU server, and losing interest in the game.
  • vyndral13preub18_ESO
    I like to confuse the Russians. I use ThisIsNotMyPassword as my password.
  • MonkeyAssassin24
    A lot of the consensus to this story is that it is corporate fear mongering.

    Also realize (most importantly imo), the company that discovered this hack is called Hold Security, who charge a pretty hefty fee to customers who want to make sure their passwords and security are truly secure. Hmm...

    EDIT: After my morning coffee my brain connected that 1.2 billion passwords could be multiples of the same people :D. I still stand by my thought however that this is not a big deal at all. If you use strong passwords, you're probably fine (when things like this happen, they only have an encrypted version of your password), also Hold Security hasn't even released their information on this (shocking!) so we don't even know what websites were the ones used. For all we know it could be a bunch of old xanga.com passwords.
    Edited by MonkeyAssassin24 on August 7, 2014 2:11PM
    On second thought, let's not go to the forums. 'Tis a silly place.
  • nerevarine1138
    I like to confuse the Russians. I use ThisIsNotMyPassword as my password.

    In Soviet Russia, password hashtag-encrypts you!
    ----
    Murray?
  • Loligo
    A lot of the consensus to this story is that it is corporate fear mongering.

    Also realize (most importantly imo), the company that discovered this hack is called Hold Security, who charge a pretty hefty fee to customers who want to make sure their passwords and security are truly secure. Hmm...

    Yes, it almost certainly was fear mongering / marketing.

    I have a two-volume set of the Oxford English Dictionary... Wow, that's like 250000 passwords!!!11!1!1one!!!eleven!!