Support NeoGAF

Wollan · Aug 25, 2016

Received this e-mail an hour ago:

Data Breach on Funcom Forums

On August 24th, 2016, we discovered that user data associated with forum accounts on TheSecretWorld.com, AgeofConan.com, Anarchy-Online.com and LongestJourney.com have been compromised by a third party.

We regret to inform you that the data breach includes e-mail addresses, user names, and encrypted passwords associated with forum accounts on these forums. Even though passwords were encrypted, these can be cracked and should be considered compromised. It is important to note that forum accounts and game accounts are separate and are stored on different servers using different security systems. Game accounts have not been compromised.

The breach was possible due to a security fault in the vBulletin forum system. This security fault was corrected on our forums on August 19th, 2016, but we are unable to determine exactly when the data breach occurred prior to the fix.

As a temporary security measure, we have reset all passwords for every forum account on TheSecretWorld.com, AgeofConan.com, Anarchy-Online.com and LongestJourney.com. The next time you try to log in you will be told your password is incorrect and you will have to reset your password to continue. If you have used your old forum account password on your Funcom game account or any non-Funcom accounts, you should also change your password on those immediately.

We take this incident very seriously and will be taking measures to ensure it does not happen again. The bug that made this data breach possible has been corrected, but as a precaution we have taken our forums offline so we can conduct further investigations and ensure there are no more security issues before we bring them online again.

We sincerely apologize for the inconvenience caused. If you wish to talk to us, please get in touch with our customer service representatives via http://help.funcom.com and we will get back to you as soon as we can.

Thank you for your attention.

Best regards,

Funcom

DownGrader · Aug 25, 2016

Even though passwords were encrypted, these can be cracked and should be considered compromised.

So what was the point then...

doctorcdcs · Aug 25, 2016

oh no.

on another note: op, the link in your tag doesn't work... unless that was intentional

edit: never wipe a keyboard while in a text box

KojiKnight · Aug 25, 2016

DownGrader said:
So what was the point then...

Most likely the passwords were stored as simple hashes, the culprits then compare those hashes to known values, then use those passwords with their associated emails to get into something more secure...

The first target would likely be their game accounts as many people would use the same password for both, but maybe it's the same passwords they also used for their emails, etc.

Or are you saying in encrypting them to begin with? Why make hackers jobs too easy? Also a long secure password is a lot harder to crack and likely not worth the time.

Joni · Aug 25, 2016

DownGrader said:
So what was the point then...

It is a good policy. Even if they are encrypted, once stolen, they should be considered compromised. Encrypting them can give people a month of safety to change any shared passwords.

derFeef · Aug 25, 2016

I have forum accounts on all of them, luckily and of course not the same passwords like somewhere else. Sucks though, why ...

thebigmachine · Aug 25, 2016

Wollan said:
The breach was possible due to a security fault in the vBulletin forum system

Yuuup. It's like swiss cheese, horribly insecure. I think I'm safe since I don't usually sign up to forums for specific games/publishers.

snitch · Aug 25, 2016

I sincerely hope they mean hashed and not encrypted. If they're encrypting passwords; they fucked up.

Mithos · Aug 25, 2016

thebigmachine said:
Yuuup. It's like swiss cheese, horribly insecure. I think I'm safe since I don't usually sign up to forums for specific games/publishers.

Same, I never make forum accounts for games (MMO'S) only the actual game account part.

Nokterian · Aug 25, 2016

DownGrader said:
So what was the point then...

This is so weird sounds like it is plaintext and not salted or hashed in any kind.

lupinko · Aug 25, 2016

thebigmachine said:
Yuuup. It's like swiss cheese, horribly insecure. I think I'm safe since I don't usually sign up to forums for specific games/publishers.

Neogaf runs vBulletin.

Rafy · Aug 25, 2016

Nokterian said:
This is so weird sounds like it is plaintext and not salted or hashed in any kind.

Could be they were using MD5, which can easily decrypted online.

Zepp Twofist · Aug 25, 2016

I can't remember if my forum account shared credentials with my actual account. Guess I'll change the password to make sure nobody gets their hands on all my awesome role playing gear.

Labadal · Aug 25, 2016

I played one of their games for two hours. Fuck.

thebigmachine · Aug 25, 2016

lupinko said:
Neogaf runs vBulletin.

I know and as far as i'm aware they have never been hacked. That doesn't change the fact that it is frequently in need of patching/updating to stay ahead of all of the discovered vulnerabilities. This assumes there's someone in charge of doing this for Neogaf. I can guess with certainty that this is one of the exceptions across all the sites that use vBulletin.

Audioboxer · Aug 25, 2016

Probably explains some of the recent PS4 account compromises...

I have an account but the password as always was long, unique and created by last pass. Chances are though the criminals have been trying to use my email to log into other services.

kami_sama · Aug 25, 2016

Is the account the same you play with?
I don't remember using the forums.

Support NeoGAF

Funcom forums hacked (The Secret World, Age of Conan)

Wollan

Member

DownGrader

Member

doctorcdcs

Member

KojiKnight

Member

Joni

Member

derFeef

Member

thebigmachine

Member

snitch

Neo Member

Mithos

Member

Nokterian

Member

lupinko

Member

Rafy

Member

Zepp Twofist

Member

Labadal

Member

thebigmachine

Member

Audioboxer

Member

kami_sama

Member

Similar threads