security breach
Latest
MapleStory breached, 13 million accounts exposed
The famously hacked Sony has a sympathetic shoulder this week, as Nexon recently discovered a massive breach that's exposed over 13 million MapleStory player accounts to cyber ne'er-do-wells. Discovered this past Thursday, the breach was solely limited to South Korea, as Nexon hosts separate countries on their own servers. This means that any South Korean MapleStory player's information is at risk, including user IDs, names, passwords, and residential registration numbers. This information could potentially be stolen and used for a variety of crimes. While there's been no word whether actual personal information has been stolen, Nexon nevertheless urged these 13+ million subscribers to change their passwords. The company has contacted the police to ask for a formal investigation. This comes at an unfortunate time for the company, as Nexon is poised to present its IPO on the Tokyo Stock Exchange in December.
Personal information stolen from Korean MapleStory servers, US accounts unaffected
While the majority of U.S citizens were stuffing their collective face holes with various dead birds and baked goods last Thursday, 13.2 million South Koreans scrambled to protect their identities from an as-of-yet-unidentified group of hackers. According to The Korean Herald, a security breach involving Nexon Korea Corp.'s MapleStory servers resulted in the "leak" of encrypted personal information, including usernames, passwords and the South Korean equivalent of Social Security Numbers. Players in other parts of the world need not be concerned, however. A Nexon representative told the Yonhap News service that South Korea's servers are independent from those in other regions, and as a result only South Korean information was compromised. Our guess? Jealous Canadian syrup extremists. It's the only explanation that makes sense.
Valve's Steam forum security compromised
Valve is the latest gaming company to suffer a security breach during the hackathon that is the year 2011. What's that got to do with MMOs, you say? Well, the company's Steam digital download service offers access to a ton of our favorite virtual worlds, and it has thus far seemed relatively secure. Kotaku reports that the Steam forums were hacked last night, with the paper trail leading to a cracker website known as Fknowned.com. The gentlemen in question are of course denying all responsibility for the mischief, and thus far Valve has offered no comment on the situation. It's worth noting that the Steam forum account info is separate from the actual Steam service account info, but it's also likely that some users employ identical sets of credentials. We'll keep you posted as we learn more.
SOE's John Smedley weighs in on the recent hacks
You'd think putting the words Sony and hack together in the same sentence would give John Smedley a minor heart attack. Not so, according to a GameSpot writer who spoke with Sony Online Entertainment's CEO at the recent GDC Austin event. Unlike the lengthy service outage that cost the company some credibility (and millions of dollars) earlier this year, the latest attempted security breach was neither widespread nor particularly effective, according to Smedley. It's also likely that the problem didn't stem from compromised Sony network data. "We've said publicly when we were compromised before that the information is out there and could have been used. That was obviously the first thing we looked at. Then we did the mathematical analysis and said 'obviously that's not what happened.' I'm not going to say it's impossible [{that}the info came from Sony]. We just think that's not the most likely case," Smedley explained.
Turbine forums down, security breach rumors rampant
A Casual Stroll to Mordor reports that Turbine has brought down the Lord of the Rings Online official forums due to a "potential issue in the forum system." But of course, in the MMO world, you can't just bring forums down without starting a few conspiracy theories. Rumors abound that the forum outage may be linked to some sort of security breach. Of course, we repeat, and please do listen when we say, this is only a rumor and in no way has it been verified. If and when it is verified or dismissed, we promise to let you know. Until then, please remain calm and carry on. That is all.
PSA: Bethesda reports possible security breach, changed your password
Hackers may have infiltrated the Bethesda forum database Friday morning, causing Bethesda to reset all user passwords. Forum user passwords were encrypted and Bethesda has not confirmed any information was taken, but is taking this precaution regardless. If you have an account on the forums, Bethesda recommends changing your password to something more secure than the name of your first dog and favorite number (Bubbles69) on all sites you have an account with. This is Bethesda's second hacker scare since June, so if you didn't change your information then, you might want to do it this time. Fool me once, and all that. [Thanks, Kevin!]
Sony exec says PSN hack was 'a great experience,' apparently means it
The following are what most humans would call "great experiences": eating gelato on a hot summer's day, riding a tandem bike with Anthony Hopkins, or, in the case of Sony executive Tim Schaaff, having your life's work nearly destroyed by a band of hackers. Because for Schaaff, president of Sony Network Entertainment, this spring's persistent PSN outage wasn't so much devastating as it was... enlightening. Here's how he described the hack (and ensuing epiphany) to VentureBeat's Dylan Tweney: "I think for people running network businesses, it's not just about improving your security, because I've never talked to a security expert who said, 'As long you do the following three things you'll be fine, because hackers won't get you... the question is how do you build your life so you're able to cope with those things. It's been a great experience." Phenomenal as it must've felt to get in touch with his inner defeatist, Schaaff admitted that he "would not like to do it again" -- probably because his mouth can only house one foot at a time.
Hacker pleads guilty to AT&T iPad breach
Nearly six months after his arrest, one hacker pleaded guilty to charges that he exposed the email addresses of over 100,000 AT&T iPad 3G users. It's been a year since Daniel Spitler and his compatriot, Andrew Auernheimer, coaxed Ma-Bell servers into delivering the goods, with a brute force script they lovingly named the iPad 3G Account Slurper. The hacker's plea agreement suggests a 12 to 18-month sentence, which is a lot more lenient than the 10-year maximum we hear he could face. Spitler's collaborator is apparently still in plea negotiations with the prosecutor. Both men initially claimed they were just trying to draw attention to a security hole, but maybe next time they'll think twice before embarking on such altruistic endeavors.
Codemasters website hacked, 'tens of thousands' of personal accounts compromised
This must be the season of the hacking witch as we've now seen yet another company's online security walls breached. Independent UK games developer Codemasters, responsible for titles like Dirt 3 and Overlord, has reported that its website was hacked on the third of June, exposing the names, addresses (both physical and email), birthdays, phone numbers, Xbox gamer tags, biographies, and passwords of its registered users. Payment information wasn't compromised, but when you consider that almost everything else was, that feels like hollow consolation. For its part, Codemasters says it took the website offline as soon as the breach was detected and a subsequent investigation has revealed the number of affected users to be in the tens of thousands. Those who might have been affected directly are being emailed with penitent apologies, while the rest of us are being pointed to the company's Facebook page while its web portal is kept offline.
Codemasters website, store, and database hacked
Another day, another game publisher in a hacker's crosshairs. This time around it's Codemasters, and Eurogamer has the details on a security violation that compromised the company's website, EStore, CodeM database, and Dirt3 VIP code redemption webpage. The intrusion occurred on June 3rd, and Codemasters has sent out a letter to affected customers advising of the potential threat to their identity-related information. The article reports that no payment details or credit card info was pilfered, but encrypted passwords as well as Xbox Live gamer tags and personal data (including addresses and user names) were taken. Thus far no groups or individuals have claimed responsibility for the attack. You can read the full Codemasters letter at Eurogamer.
Sony Pictures breach affects 37,500 users, far less than Lulz Security claimed
Well, Lulz Sec may have overstated its level of success by declaring it had stolen 1,000,000 passwords from Sony Pictures -- turns out the number is closer to 37,500. Now granted, any breach of user data is unacceptable, but when a hacker collective's haul is less than four percent of what it claimed, everyone can breathe a little easier. The troublemakers may have made off with email addresses, phone numbers, and passwords, but Sony says no credit card or social security numbers were compromised. The company issued a statement, which you'll find after the break, and is working with the FBI to track down those responsible. Hopefully this finally closes the door on Sony's security woes, and we can go back to bringing you stories about Angry Birds ports and Kinect hacks.
Sony Pictures hacked by Lulz Security, 1,000,000 passwords claimed stolen (update)
Oh, Sony -- not again. We've just received numerous tips that Lulz Security has broken into SonyPictures.com, where it claims to have stolen the personal information of over 1,000,000 users -- all stored (disgracefully) in plain text format. Lulz claims the heist was performed with a simple SQL injection -- just like we saw the last time around. A portion of the group's exploit is posted online in a RAR file, which contains over 50,000 email / password combos of unfortunate users. We've downloaded this file (at our own risk, mind you) and can verify these sensitive bits are now in the wild, though it remains unclear if what's published matches reality. In addition to user information, the group has blurted out over 20,000 Sony music coupons, and the admin database (including email addresses and passwords) for BMG Belgium employees. Fresh off the heels of the PlayStation Network restoration, we're guessing the fine folks in Sony's IT department are now surviving solely on adrenaline shots. Update: Sony Pictures has confirmed to Reuters that some of its websites have been hacked, and says that it's currently working with the FBI to identify the perpetrators. [Thanks to everyone that sent this in]
Sony says PlayStation Network will return to Asia, starting tomorrow
Good news, Asia -- the PlayStation Network is finally coming back. Today, Sony announced that it will restore its gaming network across the continent, more than a month after falling prey to a crippling data breach. The company's PSN services are already up and running across other parts of the world and, beginning tomorrow, will light up once again in Taiwan, Singapore, Malaysia, Indonesia, Thailand and even Japan, which had been harboring serious reservations about the network's security. Gamers in South Korea and Hong Kong, meanwhile, will have to wait a little longer before returning to normalcy, though Sony is hoping to completely resolve the issue by the end of the month. The company certainly seems eager to put this saga to bed, and for understandable reasons. The incident has already cost Sony an estimated $171 million in revenue -- not to mention the untold numbers of suddenly wary consumers.
SOE begins restoring game services
Sony Online Entertainment has good news for fans of its dormant MMORPGs. Service restoration has officially begun for all of the company's online games, forums, and related websites as of May 14th. Earlier today, the company issued a press release with the details as well as a statement from Sony executive Kazuo Hirai. "Our main priority is the safety and security of our customers' personal information. We are making consumer data protection a full-time, company-wide commitment, and have applied enhanced security technologies so that our customers can feel protected and confident about playing our games," Hirai said. SOE provided details on its Welcome Back promotion earlier this week, and today's release provides links to a handy chart covering promotions for all of the company's games as well as a summary of the initial customer service notice and contact information. The promotions include free play time for former (not just active) subscribers to SOE's MMOs, making it a great time to return to an old favorite.
Sony aiming for May 31st PSN service restoration [Updated]
Sony's network security woes continued over the weekend, and the light at the end of the tunnel still seems like a distant pin prick for the embattled gaming giant and its displaced customers. Bloomberg reports that Sony spokesman Shigenori Yoshida indicated the company plans to restart Playstation Network services by May 31st, which would bring the total downtime to a whopping 41 days. Nick Caplin, head of communications for Sony Computer Entertainment Europe, posted an update to the European PlayStation blog hinting at the reasons for a longer delay. "We expected to have the services online within a week. We were unaware of the extent of the attack on Sony Online Entertainment servers, and we are taking this opportunity to conduct further testing of the incredibly complex system," he wrote. While the PS3 versions of both Free Realms and DC Universe Online fall under the PSN umbrella, no word has been forthcoming as to a restart date for the rest of SOE's MMO stable, which includes the PC versions of the aforementioned titles as well as EverQuest and EverQuest II. [Update: CNET is reporting that Sony is considering a reward for information leading to the capture of the hackers. Meanwhile, Sony is apparently contesting reports about the May 31st date, suggesting no such hard deadline for PSN resumption exists.]
Sony woes continue as SOE confirms data breach (update: 24.6 million accounts affected)
Are you starting to feel bad for Sony yet? No? Maybe this will change your mind. Sony Online Entertainment has, apparently, been the victim of another breach that has, according to Nikkei.com, resulted in the release of 12,700 credit card numbers -- and presumably some other information as well. 4,300 of those credit card numbers are said to be Japanese, but no saying how many are American. Thankfully, data is said to be from 2007, minimizing the number of still-valid credit cards exposed making us wonder if perhaps this wasn't some sort of backup that was exposed. Regardless, SOE's online services were taken offline earlier today and, well, now we know why. We're presently expecting further information from the company but, until then, feel free to continue cowering in the corner and quietly sobbing onto your compromised credit cards. [Warning: subscription required] Update: According to the Wall Street Journal, Sony has also confirmed that the latest attack accessed personal information for a staggering 24.6 million accounts. Such info includes names, addresses, telephone numbers, email addresses, gender, date of birth, login ID, and hashed passwords. Ruh roh. Full press release after the break.
Sony executive to address media regarding PlayStation Network debacle
If you're curious what Sony higher-ups have to say about the recent PlayStation Network security debacle, you'll want to check out Kazuo Hirai's remarks to the media at 2:00 p.m. Sunday in Tokyo (1:00 a.m. EDT). Hirai, Sony Corp's executive deputy president, is expected to field questions from journalists as well as use his considerable PR skills to put a positive spin on the situation and its aftermath. Much is at stake for the global entertainment giant, including possible legal actions resulting from the compromise of 77 million user accounts (and the company's delayed response and acknowledgment of the problem well after the fact). It's a big moment for Hirai as well; the executive is considered the front-runner in the race to supplant current Sony president Howard Stringer -- who has "been vague about his plans from the next financial year that starts in April 2012" according to Reuters.
Hackers disguise phone as keyboard, use it to attack PCs via USB
We've seen hackers use keyboards to deliver malicious code to computers, and we've seen smartphones used as remote controls for cars and TV -- but we've never seen a smartphone disguised as a keyboard used to control a computer, until now. A couple folks at this year's Black Hat DC conference have devised a clever bit of code that allows a rooted smartphone -- connected to a PC through USB -- to pose as a keyboard or mouse in order to attack and control the computer. The hack takes advantage of USB's inability to authenticate connected devices coupled with operating systems' inability to filter USB packets, which would enable users to thwart such an attack. While utilizing a digital costume to hack a computer is a nifty idea, it doesn't pose much additional risk to users because the method still requires physical access to a USB port to work -- and most of us would probably notice someone plugging a smartphone into our laptop while we're using it. [Image Credit: Angelos Stavrou / CNET]
AT&T sends apology email to customers affected by iPad 3G security breach
Good news if you're one of the 114,000 iPad 3G owners whose email address was uncovered by hackers spoofing the AT&T ICC database the other day -- AT&T is very, very sorry, and it's written you a nice email to make it all better. Ma Bell says the "hackers deliberately went to great efforts with a random program," which is pretty funny -- we can only imagine the damage insincere hackers making a half-hearted effort with a non-random program could have done. In any event, AT&T says the hole's been patched, that it's working with law enforcement to figure out who's liable, and promises that it takes your privacy seriously. Yes, it's all very nice -- although we're sure affected customers would much rather hear that they're being comped a free month of service. Full email after the break. [Thanks, Brad]
FBI steps in to investigate iPad security breach
You might recall yesterday's news that a little trickery into AT&T's systems brought about the breach of 114,000 Apple iPad-owning email addresses. Now it seems the FBI has taken an interest in the case and has launched an investigation into the "potential cyber threat" of the snafu. As far as we know and have seen, the hackers were able to obtain just email addresses, although with that comes the knowledge that the victims in question own iPad 3Gs and don't mind AT&T's service -- don't click on any odd billing statements if you were affected. As stated previously, the carrier has subsequently apologized and proverbially "plugged the hole" from which the info was obtained. Not sure anything will come of this inquiry, but we'll let you know what we hear.
