compromised-accounts
Latest
Blizzard says beware of dangerous Trojan
If you play World of Warcraft, you might want to check for a dangerous new Trojan that is leading to compromised accounts. Blizzard warned customers that this Trojan, apparently brought on by a fake Curse client, can steal both the account information and the authenticator password, making even players who use the authenticator vulnerable. Customer service gave instructions on what to look for so players can see whether or not their machine has been infected. Although no current virus scanners can detect and remove the Trojan, Technical Support posted that a sample of the malware has been sent to anti-malware scanners and offered instructions for removing the malware by hand.
LinkedIn confirms security breach, 'some passwords' affected
Reports began swirling this morning that around six million passwords attached to LinkedIn accounts had been compromised, and after looking into the matter, the site has confirmed that "some of the passwords" attached to accounts of LinkedIn members have been affected. The network doesn't specify the number of passwords leaked, nor does it confirm the rumored count of six million. It does, however, promise that it will invalidate passwords of the hit accounts -- and vows to send an email to each affected user with instructions on how to reset their password, followed by another piece of correspondence explaining what happened. Below you'll find the company's official statement, as well as what it is doing to ensure its members are safe.
Hackers compromise 33,000 SOE accounts
Sony's hacking woes continue today, as intruders today have attempted -- and, in some cases, succeeded -- to access the giant corporation's accounts. Chief Information Security Officer Philip Reitinger posted a letter on several SOE forums informing players that their accounts may have been compromised. The good news is that less than 0.1% of Sony's entire playerbase has been affected. The bad news is that that leaves around 33,000 SOE players -- in addition to Sony Entertainment Network and PlayStation Network customers -- whose accounts were hacked. Following the intrusion, Sony temporarily locked the accounts and is investigating the situation. "Only a small fraction of these 93,000 accounts showed additional activity prior to being locked," Reitinger said. He assured customers that credit card numbers were not leaked and that any purchases made during this intrusion will be restored. SOE customers with locked accounts will receive an email with instructions on how to validate their credentials and restore their service.
"Solid one-two punch": Trion responds to account hacks
The saga of RIFT's account security woes continues, as Trion World's Scott Hartsman responded to the hacker attempts, reassuring fans curious about what steps were being taken to secure their accounts. Citing "constant attacks" since the launch of RIFT that have impacted 1% of accounts, Hartsman said that the team is blocking hackers and botnets as quickly as they are identified, but that this will also be an ongoing process. "Both the login fix and the Coin Lock addition have been doing their part in signficantly reducing overall incidents over the last 18 hours," Hartsman wrote. "Neither one is a silver bullet, but so far it is looking to be a solid one-two punch for the weekend." According to his post, Trion will be hiring additional staff to tackle the problem, and is working on a "two-factor authentication" process for the future. Hartsman also praised the efforts of the player who brought a serious log-in vulnerability to the team's attention. ZAM tracked down the player for an interview, who himself had his account hacked in early March. The player is an "ethical hacker" who owns a security software company and realized that these hacks were not the fault of the player, but an exploit that had been discovered.
Turbine upgrades LotRO's compromised account reimbursement policy
Account security is a worrysome topic in Lord of the Rings Online these days, especially following a reported rise in hacks and thefts among the playerbase. A couple months ago Codemasters implemented a stronger policy to help players recover lost property, a direction that Turbine followed yesterday when it revised its compromised account reimbursement policy. Sapience announced on the LotRO forums that this policy is significantly updated and expanded from the old one. Now when a player's account is hacked, Turbine gives a seven-day window to report the issue, during which the company can restore "most" of the lost items and compensate players for items that cannot be replaced. This, however, is not a true rollback and does not cover accounts compromised before February 24th. Turbine also reassured players that the studio is making it much tougher for unauthorized intruders to delete or sell rare items like raid gear, which should add another layer of protection from losing one's goods.
Runes of Magic addresses account hacks
What do you do if a game company's actions get under your skin? If you're a hacker that goes by the name of Cpt.Z3r0, you breach the company's account security and post thousands of user names and passwords to its public forum. Runes of Magic publisher Frogster recently fell victim to said cyber-bullying, and though the offending information was quickly removed from the game's German website, the saga is far from over. The hacker(s) claim possession of 3.5 million accounts, and in an anonymous video message recently uploaded to YouTube, state that Frogster "better start respecting the people that pay your salary." While specific details of the demands are unclear, the video message hints at Frogster's reputation for censoring critical forum posts. Runes of Magic community manager Mike "Silberfuchs" Kiefer posted an official reply on the game's boards, stating in part that a criminal investigation is underway and that the 2,100 compromised accounts have been blocked from accessing the game, forum, and account management until the dust settles.
Danger Will Robinson!
I saw this screen shot last night on the WoW LJ community, and I have to admit, it took me by surprise. This is the first time I've ever actually seen the World of Warcraft launcher/load screen come out and point-blank warn people about the presence of Trojans on their machines. As there are a lot of variants of this particular Trojan out in the wild, that specific name doesn't surprise me.Considering the fact that two Blue accounts were recently compromised, it looks like it's a good time to once again make sure your systems are patched, your virus scanners are up to date, and that you've got some good lines of defense against these Trojans. (Personally, I'm a huge fan of FireFox and some of the browser extensions that have come out for it.) Or, as some of my friends have told me, I could just get a Mac, and not have to worry so much about these kinds of things either. I keep telling them I'll happily switch when they buy me one.
