compromised
Latest
The War Z forums and databases hacked, taken offline for investigation
The War Z has been taken offline due to the compromise of its databases and official forums, publisher OP Productions has announced. "We have discovered that hackers gained access to our forum and game databases and the player data in those databases," the statement reads. "We have launched a thorough investigation covering our entire system to determine the scope of the intrusion. This investigation is ongoing and is our top priority."The user information obtained during the break in includes log-in e-mail addresses for the official forums and the game itself, along with the encrypted passwords associated with those addresses. No user payment information was compromised, however, as payments are handled by a third party company that operates outside of OP Production's ecosystem.Despite the fact that "there was absolutely no exposure of your payment or billing information of any kind," according to the statement, the possibility still exists for the stolen encrypted passwords to be decrypted, which could obviously be an issue for anyone that used the same email address and password for The War Z as they did for other, more vital internet accounts. As such, OP Productions recommends that its users change up their passwords.Beyond the promise of future updates, no further timeline was given with respect to when the game may come back online.
Gabe Newell confirms Steam security compromise
A few days ago we reported that Valve's Steam forum security had been compromised. A letter from Valve head-honcho Gabe Newell today confirms this fact and reveals that the intruders also gained access to a Steam database that contained a ton of personal information, such as usernames, encrypted passwords, email addresses, and encrypted credit card information. Newell adds that there is currently no evidence that any of that information was actually taken by the intruders or that credit card numbers or passwords were cracked. Steam users will be required to change their forum passwords when the forums are opened back up. While the company claims that no Steam accounts have been compromised, if your forum password was the same as your account password, a change would likely be a good idea.
Epsilon breach exposes TiVo, Best Buy email addresses, spambots stir into action
If you're subscribed to any of TiVo's email-based communiqués, now would be a good time to make sure your spam filters are up to scratch. Epsilon, TiVo's email service provider, has reported the discovery of a security breach that has compromised the privacy of some customers' names and / or email addresses. A rigorous investigation has concluded that no other personal data was exposed, however it's not just TiVo that's affected -- other big names, such as JPMorgan Chase, Citi, US Bank, Kroger, and Walgreens have also seen their users' deets dished out to the unidentified intruder. As we say, no credit card numbers or any other truly sensitive data has escaped, so the only thing you really have to fear is fear itself... and an onslaught of spam. Update: Best Buy and the US College Board have also joined the extremely broad list of affected organizations now, judging by the warning emails they've been sending off to our readers. Valued Best Buy customers should expect an email similar to the scawl posted after the break. Update 2: You can also count Chase Bank customers among those also affected -- not their bank accounts, mind, but their e-mail addresses. [Thanks to everyone who sent this in]
iPhone passcode bypassed by security researchers
A group of German researchers at the Fraunhofer Institute for Secure Information Technology report that they've cracked the iPhone's keychain system, allowing access to the passwords saved on any phone in just six minutes. By jailbreaking the target phone and installing an SSH app on it, the hackers found they could access any information on the phone that they wanted, without the need to input a passcode or any other form of security from the user. In other words, if they can get their hands on your iPhone, they have access to everything on the keychain, which includes any Gmail or Exchange accounts saved on the phone, as well as network, Wi-Fi and voicemail passwords, as well as the passwords on some apps. You can read the full report as a PDF online. The only solution that Frauhofer lists in the report is that any lost or stolen iPhone must require its owners to assume that all passwords included on the handset are compromised, and must all be changed and replaced as soon as possible. It's hard to think what Apple might be able to do about this -- as long as the phone can be jailbroken, this seems possible, and obviously Apple hasn't been able to stop jailbreaks in the past, for a number of reasons. On the other hand, this hack needs access to the phone itself, so if you don't lose your phone, you're still good to go.
