intrusion
Latest
The internet's governing body was hacked, too
The Sony Pictures hack is getting all of the attention right about now, but it turns out that another prominent organization recently was victim to a security breach as well. Last month, ICANN, the outfit that regulates the internet's domain names and IP addresses, fell prey to a phishing attack that tricked employees into giving out email login info. What'd the ne'er-do-wells get a hold of? Administrative access to all the files in the Centralized Zone Data System. Which, as The Register points out, granted the hackers access to unalterable generic zone files (what're needed to resolve domain names to IP addresses), and gifted them with contact information for, among others, some of the world's registry administrators. Passwords were stored as "salted cryptographic hashes," but ICANN deactivated them as a precaution anyway. The firm's wiki was breached too, but aside from public information, a members-only index page and one user's profile, no other private data was viewed.
Vodafone hacker accesses banking data of two million customers in Germany
Vodafone has confirmed that hackers have accessed its servers in Germany, gaining access to personal information and bank details of approximately two million customers. The operator says the breach was a "highly sophisticated and illegal intrusion" that it believes was masterminded by an insider -- and indeed a suspect has already been identified and handed over to police. It's not often you hear about a successful raid on a mobile operator, which is why Vodafone believes it could only have been conducted by someone with an "inside knowledge of [its] most secure internal systems." Vodafone customers outside of Germany aren't affected, and those inside the country should already have been contacted. The company says credit card information, mobile phone numbers, passwords and PIN numbers were not accessed in the attack, although Vodafone is warning customers to be especially vigilant about potential phishing attacks in the future.
'Possible' loss of user information in Crytek security breach
Crytek took down four of its websites due to "suspicious activity" over the weekend. According to a statement from Crytek, the security breach "may have resulted in some users' login data being compromised." "Although it is uncertain whether the incident led to the copying and decryption of email addresses and passwords, it is possible that users with accounts at these websites have had personal data copied," Crytek said. "On Friday afternoon we started to contact all affected users via email and informed them of the potential security breach." The four sites in question, crytek.com, mycryengine.com, crydev.net and mycrysis.com are still offline. Crytek said that "final details of when our sites will be back online will be communicated as soon as possible." Additionally, "no payment information from users was stored at all" on the sites in question.
Rumor: Origin hacked, EA denies intrusion [Updated]
If you have created an EA Origin account for any reason, such as for Star Wars: The Old Republic or Ultima Online, we advise you to change your password posthaste. Numerous sites are reporting that hackers have breached Origin's security and are potentially modifying account information and stealing it. Allegedly affected players claim that the hackers are changing the log-in emails associated with their accounts and that the new email addresses have a Russian suffix. In response to a question about whether any accounts were compromised by hacking, an EA spokesperson made the following statement: "At this point, we have no reason to believe there has been any intrusion into our Origin database." EA has updated us with its full security statement: Anytime a player has a question about the security of his or her account or personal data, we take it very seriously and take all possible steps to help. For any customer who cannot access their Origin account for any reason, we ask them to please contact Origin Help or EA's customer experience group at help.ea.com. The robust security measures in place to protect Origin users accounts are constantly being expanded and upgraded, and we also strongly recommend customers take the protective steps of using strong passwords and changing passwords often.
Trion Worlds customer database hacked, 'no evidence' credit card info stolen
Trion Worlds has become the latest in a long string of MMO studio security breaches this year, as the company reported an intrusion into its customer database. At risk of compromise were customers' user names, passwords, birthdates, email and billing addresses, and partial credit card info. However, the company states that "there is no evidence" that full credit card numbers were stolen at this time. In a message posted on the Trion Worlds website, the company promises that it is both researching the intrusion and taking steps to increase security. As part of this, all RIFT players will be asked to change passwords and security questions, and their mobile authenticators will need to be reconnected. The company urges customers to watch their bank statements for questionable activity, and provides customers with resources to get a free credit report and putting a freeze on credit reports. To compensate customers for the issue, Trion is providing all RIFT players with three extra days of gaming time and a Moneybags' Purse that increases all money looted by 10% in-game. [Thanks to everyone who sent this in!]
Square-Enix says no user info stolen during security breach
A week ago we reported that Square-Enix's Members site, a loyalty program for fans of the studio's games, suffered an unwarranted intrusion and was subsequently taken offline as the company conducted an investigation. It turns out that the best possible outcome of this investigation has occurred, as no personal information was stolen. Subsequently, the company plans to bring its Japanese and North American websites back online by the end of the month. Square-Enix posted the following notice as an update: As a result of our continuing investigation, we have now confirmed that the database in which we store personal information was NOT accessed during the recent server intrusion. Therefore, your personal information was NOT compromised by an unknown third party. Square-Enix is planning to restart the Square Enix Members service by the end of December. Details of the schedule will be announced at a later date. We deeply regret any inconvenience this may have caused our customers and fans, and appreciate your patience.
Perpetuum expansion launches December 1st, anniversary tourney this weekend
Perpetuum's latest expansion is rapidly approaching, and Avatar Creations has pumped out a good bit of info to make sure sci-fi sandbox fans are aware of all the goings-on in its maiden MMORPG. The Intrusion 2.0 patch hits tomorrow and brings with it substantial improvements to the mission and rendering engine systems, a new robot, and new conquerable outpost mechanics. Prior to the expansion, outpost conflict was fairly random, but now thanks to a concept called stability that lets corporations gradually increase their influence over a given facility, Avatar is allowing enterprising players to get a lot of more mileage out of the system as they build their empires across the planet Nia. As we reported last week, the devs are also hosting a tournament to celebrate the game's one-year anniversary, and you can read Avatar's description of the events after the break.
Some Assembly Required: Happy birthday Perpetuum!
Welcome back to Some Assembly Required, dear readers. This week marks something of a milestone for Perpetuum, the sci-fi sandbox set in the distant future on a far-flung planet known as Nia. Yes, the mech-based MMORPG has survived its first year (without a free-to-play conversion crutch!), and more than that, it's even grown a little bit. That's no small feat for an indie title in today's overcrowded MMO marketplace, never mind a niche sandbox that's been called a ground-based EVE Online. Join me after the break for a recap of Perpetuum's first 12 months.
Ask Engadget: best DIY wireless home security (and fire) system?
We know you've got questions, and if you're brave enough to ask the world for answers, here's the outlet to do so. This week's Ask Engadget inquiry is coming to us from Roger, who is just about tired of hearing "ADT." If you're looking to send in an inquiry of your own, drop us a line at ask [at] engadget [dawt] com. "I'm moving into a new place, and I need a good wireless home security and fire system. But here's the thing -- I only have a broadband internet connection and a cellphone. I can't use one of those traditional ADT systems that require a landline, and moreover, the $40+ per month they charge is outrageous. I need a DIY option that monitors both security and fire, and I'm fine paying up to $25 or $30 a month for UL-certified off-site monitoring. SimpliSafe and Lifeshield seem decent, but the former doesn't monitor fire yet. Support for live feeds and alerts on my smartphone would be a huge plus. Thanks!" Looks like SimpliSafe will be the perfect solution when it adds fire support in 2012, but Roger needs help in the here and now. Any paranoid homeowners out there have any other awesome suggestions? Drop 'em in comments below!
Valve: Steam user database hacked, no evidence of personal info taken
In a message sent to all Steam users by Valve's Gabe Newell, it was revealed that the vandalizing of the Steam forums, which occurred on November 6, was followed by an intrusion on "a Steam database." The hacked database included usernames, "hashed and salted" passwords, transcripts of game purchases, email and billing addresses, and encrypted credit card info. The message specified that Valve doesn't have any evidence of the intruders taking the credit card numbers or any other "personally identifying information," or that the encryption on said numbers or passwords had been cracked. The company is investigating the incident, but because a few forum users have been compromised all users must change their passwords during their next forum visit. Steam users aren't forced to change their passwords, but are encouraged to do so, especially if they match their forum passwords. Also, if your bank account, Paypal account, PSN, Xbox Live, email, AIM or, you know, anything, shares your forum password, you should probably change that too -- and then you should probably just move into a log cabin in the woods for a while. You can read Newell's full message after the break.
Perpetuum dev blog talks intrusion revamp
Avatar Creations has updated its Perpetuum dev blog, and the latest entry is quite a long read (and also of interest to players concerned about the game's intrusion and outpost conquest systems). As it currently stands, base attack and defense in Perpetuum is a pretty random affair. "One's ability to hold an outpost is largely luck, combined with the number of players one can bring to bear in a specific time zone," Avatar admits. The blog entry sums up the tentative path forward, and a future intrusion revamp will be deployed "rather than build[ing] upon a broken mechanic and creat[ing] more issues." What will the revamp entail? For starters, outpost ownership will cease to be about raid-and-retreat gameplay and instead will be focused on players who actually live on a particular island for the long term. Avatar is confident its new system will encourage PvP while simultaneously preventing instances where players wake up and are unable to access their assets. While there's no date for the intrusion revamp as of yet, there is quite a bit of mechanical info to be read on the official Perpetuum dev blog (and don't forget to leave your feedback in the comments and on the forums after you've checked out the details).
Sony Ericsson's Canadian online store hacked, more than 2,000 customers' data taken
The hackers just won't give poor Sony a break, will they? Following the infamous PSN breach last month and an attack on the company's Greek online music service earlier this week, Sony Ericsson has now seen another intrusion that extracted personal data of more than 2,000 Canadian Eshop customers. Fortunately, the company claims that passwords taken were encrypted and no credit card details were lost, but this is still worrisome nevertheless. Right now, the Eshop service has been taken off line -- for the sake of Sir Howard and his Japanese chums, let's just hope that this will be the last Sony breach we hear about. [Thanks to everyone who sent this in]
SOE partners with Affinion to offer identity protection for EU players
European players who were waiting to hear how Sony Online Entertainment is going to safeguard their identities as it did for U.S. residents can now rest easy. SOE has announced a partnership with Affinion International to offer a 12-month protection program for customers' identities. This program will provide a number of services to safeguard the compromised identities of Sony players affected by the recent hacking intrusion. These services include monitoring, surveillance, reporting, and insurance, and they cover players in the United Kingdom, Germany, France, Spain and Italy. If you qualify and want to take advantage of this program, you'll need to sign up by July 13th. SOE says that it will release details soon about how to do just that. Affinion's PrivacyGuard program is a well-known and comprehensive service designed to shield customers from all manner of identity theft, including unauthorized credit card usage and phishing scams.
PlayStation Network outage caused by 'external intrusion,' continues for third day
It started on a quiet Wednesday night, with PlayStation gamers finding their Network unresponsive to their login attempts, and now continues well into its third day. Sony has now finally shed some light on the problems it's been having with PSN and, to nobody's surprise, the culprit for its troubles has been identified as "an external intrusion." The current downtime for PSN is the second of its kind this month, with the Anonymous group of online crusaders claiming responsibility for the first. Sony now intends to keep both PSN and its Qriocity music streaming service offline until it can pinpoint the vulnerability that has been exploited and put a stop to it. Skip past the break for the company's full statement. Update: The PlayStation Blog has added an update to its US portal this evening that suggests the service disruption may continue for a good while longer -- according to Sony's Patrick Seybold, the company is "rebuilding our system to further strengthen our network infrastructure," and working non-stop to do so. [Thanks, Christian and Joe]
Perpetuum introduces Intrusion PvP system
As the Perpetuum beta progresses, the ability to build settlements and change your surrounding terrain remains one of the most highly publicized features of the game. Since it's still in beta, everything isn't in place quite yet, so the Perpetuum developers have introduced something to hold players over: the Intrusion system. Intrusion gives players the ability to take control of different outposts in the free PvP zones. The outposts become vulnerable during particular maintenance times, and player corporations can move in and use one of several different methods to take ownership of that outpost. The events are scheduled well ahead of time, and corporations need to register to compete at least 12 hours ahead of time. Check out the Perpetuum blog for all the details on the new Intrusion system.
