
Bethesda Forum Hacked


Arthmoor


Not going to link to their Twitter feed btw, but if you want that it's not hard to find.

This is fairly serious. Rumors abound that Bethesda was storing passwords UNENCRYPTED in their database, despite the fact that IP.Board should be storing them encrypted. WTF guys? If that's true then you seriously need to fix that, and RIGHT THE FUCK NOW.


So much for the rumor - the passwords are stored in encrypted form, but one should still seek to change it ASAP. These bastards did in fact loot several critical databases full of information, which unfortunately included the user list from the Bethesda blog and all of the Bethesda administrator accounts on various servers.


Douchebags.

First Nexus, and now Bethesda. IP Board REALLY needs to stop fucking around and get their damn security software upgraded. :devil:


Don't say that! We're running IP Board... Unfortunately you're probably right though - so I just gave our admins a heads-up. Sometimes being small is good.


I don't think they got in through the IP.Board software. I downloaded the files lulzsec has and it looks like they actually broke in through *drumroll* a problem in Wordpress, which is what the Bethblog site uses. A significant portion of the data files they've stolen are all related to that, and to something to do with the Brink site.

Fortunately since it seems regular folks can't even register accounts on bethblog, having the "user hashes" for those is next to useless since they're not related to anything. Unless you're Matt Grandstaff of course.

Invisionboard is usually lightning quick about security issues and all passwords in that software are stored with salted hashes. These lulzsec guys are script kiddies and nothing more.

Also, if you're a dumbass like me who consistently uses the same passwords all over the place, do yourself a favor and end that practice ASAP. I finally went and grabbed a copy of a Firefox extension called LastPass to deal with all that. The downside I suppose is that if LastPass ever gets messed up on my system I'll be screwed. In much the same way I nearly screwed myself on the blog this morning. Nothing like locking yourself out of your own account because something is wonky with Sandbox's password update code.


:lol: That sounds similar to what our main admin did: he accidentally IP banned himself! One of the other kind-hearted admins un-banned him. That was good for a chuckle. I use FF's PasswordMaker. It creates passwords of any length with a highly customizable permissible character list. The generated password is based on a URL that you give it. It then stores them all under a master password that you provide. Even at that though, it's still a royal pain having separate passwords everywhere *sigh*

Wish I'd known about PasswordMaker sooner, since it sounds like a more integrated solution. I guess I can still check it out though. LastPass is pretty good but its notification bar got seriously irritating to the point where I turned it off. The biggest dig against it though is that it stores shit in the cloud, BAD BAD BAD.

Erm. Right. This PasswordMaker thing isn't all it was cracked up to be since there doesn't seem to be any clear way to generate passwords for each individual account. Stuff like this needs to be easy, not obfuscated :P


Go into Advanced Options. Create a new group. Select the group and create a new account. Voila, passwords for each individual account. And you can specify how long the passwords should be and what characters can be used for each account. It's pretty easy to use once you have it set up, but a bit tricky to get started. Kinda like Wrye Bash...


Maybe, but it still feels extremely unwieldy and Firefox's native manager is good enough as long as you have something handy to generate passwords with. Which I do, now that I've got a copy of KeePass. There's even a Firefox extension bridge to it but it doesn't like the Aurora branch or something, won't install, but that should get dealt with soon enough.

Storing your password info in the cloud? HELL NO.


I love how KeePass said that one of the passwords I generated for an online banking site was too weak, well, I had little choice. Of all the places I've been updating today, the banking site won't let you make one bigger than 12 characters and KeePass didn't give it a nice green bar saying it was strong enough :P

Most of the other places I've hit took the default size the program offers. So good luck hackers, I just made it a lot harder to get at me.


Those lulzsec hackers are getting themselves into a situation they don't want to be in - DDoS'ing the CIA seems like a REALLY bad idea.


I had a federal agent knock on my door one time.

Thankfully, he was only asking for an address (which I genuinely did not know the location of).


Won't be long now before LulzSec is history - they got th3j35t3r's attention with the CIA hit. I think I know far too much about this stuff already :P


I heard they hacked and took down the Minecraft servers today.

Anyone else notice the sudden 18 Important windows updates today? lol


Minecraft got knocked out on Monday actually.

And yesterday was Patch Tuesday, no surprises there.

Also, WTF, read an article on Ars Technica about Bitcoin. Why the hell am I just now finding out I could have been burning up clock cycles generating virtual currency that people are now willing to trade at a 20:1 ratio for REAL DOLLARS?!?!?


Why would they hack the same site twice in a row?

With the exception of the CIA, and possibly Microsoft, they seem to be targeting sites that are unlikely to have any information that can't be garnered from the local phone book: why?


Because they think they're cool/funny/important but they'll just be in jail or worse very soon. th3j35t3r isn't the kind of person you want to be messing with, and you certainly don't want the CIA coming for you.


Well we can add Bioware to the list of victims. Their old NWN forum got jacked. If you're one of the unlucky ~18,000 people who got hosed you'll be hearing from EA soon.


I was actually under the impression some 12 year old cracking bioware was a thrice daily event. Just like meals! Eat breakfast, play fable, crack bioware, eat lunch, play Wow, crack bioware...

I don't think anyone plays the sega machine anymore, but they do make games for the 360 and playstation. Oh, wait, they also make handhelds.


I doubt very much Bioware (EA now) has that much of a problem with their network infrastructure. Also, these LulzSec guys aren't 12 but I'd wager they're not much past their late teen years or early 20s. The Jester will have all that information soon enough since he's on their trail big time now. It'll be a bit like "Hello, FBI? Here. You'll want this info. Have fun."

