|
On August 13 2011 07:29 kwaky wrote: Can someone explain to me why I have to change my password to accounts the hacker doesn't know about? If my GomTV password was pass1234 and I used this password for my teamliquid account, why should I change my teamliquid password? The guy who has my GomTV info doesn't know I browse teamliquid, and even if he did, he doesn't know my TL login name. (teamliquid in this case is just an example)
Of course it is recommended to change passwords to everything to be safe, but technically there is no reason to change any passwords, right? (except for your e-mail, granted you use the same password)
You use the same password but a different username on different sites?
Why not do it the other way around, then, and be a touch safer?
|
On August 13 2011 07:33 Razuik wrote: Chances are most people use the same email for GOM as they do for Battle.net. Now do most people play SC2 and watch GSL? Also, a lot of people keep the same password for both.
Yeah I understand the e-mail part.
On August 13 2011 07:33 Resistentialism wrote: You use the same password but a different username on different sites?
Why not do it the other way around, then, and be a touch safer?
My post was just an example. (and as a matter of fact most of my usernames and passwords are different for each site)
I guess my post was more of a rhetorical question. Also if people use the same login/password for a lot of things, it makes sense to change your info.
Sorry it was my fault I assumed EVERYONE used different logins/passwords. D'oh. It definitely is better to be safe than sorry though!
|
I heard their stored all the passwords in plain text, just like Sony did. Fucking incompetent.
|
On August 13 2011 07:33 Resistentialism wrote:Show nested quote +On August 13 2011 07:29 kwaky wrote: Can someone explain to me why I have to change my password to accounts the hacker doesn't know about? If my GomTV password was pass1234 and I used this password for my teamliquid account, why should I change my teamliquid password? The guy who has my GomTV info doesn't know I browse teamliquid, and even if he did, he doesn't know my TL login name. (teamliquid in this case is just an example)
Of course it is recommended to change passwords to everything to be safe, but technically there is no reason to change any passwords, right? (except for your e-mail, granted you use the same password) You use the same password but a different username on different sites? Why not do it the other way around, then, and be a touch safer?
Also, you'd be suprised the ammount of information that can gathered about you just by knowing your e-mail, as it's a very insecure protocol.
|
Lord_J
Kenya1085 Posts
Eh, that's pretty sloppy, but in my case there's nothing of value that can be compromised with any of that information.
|
On August 13 2011 07:40 kwaky wrote:Show nested quote +On August 13 2011 07:33 Resistentialism wrote:On August 13 2011 07:29 kwaky wrote: Can someone explain to me why I have to change my password to accounts the hacker doesn't know about? If my GomTV password was pass1234 and I used this password for my teamliquid account, why should I change my teamliquid password? The guy who has my GomTV info doesn't know I browse teamliquid, and even if he did, he doesn't know my TL login name. (teamliquid in this case is just an example)
Of course it is recommended to change passwords to everything to be safe, but technically there is no reason to change any passwords, right? (except for your e-mail, granted you use the same password) You use the same password but a different username on different sites? Why not do it the other way around, then, and be a touch safer? My post was just an example. (and as a matter of fact most of my usernames and passwords are different for each site) I guess my post was more of a rhetorical question. For most people a search for their gom username and their e-mail yields further information about them and usually enough information to find more accounts. Unless attackers specifically target you, then as long as your e-mail, paypal and battle.net passwords are different then you are not likely to be attacked IMO, but rather safe than sorry. Especially when it doesn't take much to be safe.
|
Anyone know WHEN the passwords were hacked? I changed my pw about a week or two ago >.<. I'm hoping it was VERY recent, as that would save me a shitton of headaches.
|
Just changed my GOMtv password (and I'll probably do it again once GOM confirms it's safe). Good thing I didn't use this password anywhere else.
Edit : OMG I just posted with Day[9] ♥♥ (browsing TL between Battle.net Invit matchs :D )
|
On August 13 2011 07:49 Day[9] wrote: Anyone know WHEN the passwords were hacked? I changed my pw about a week or two ago >.<. I'm hoping it was VERY recent, as that would save me a shitton of headaches.
Well the exploit, I am assuming, has been around since the beginning. So while this particular case was made public now, it could have happened yesterday, the day before, the year before, or again 10 minutes ago.
|
On August 13 2011 07:49 Day[9] wrote: Anyone know WHEN the passwords were hacked? I changed my pw about a week or two ago >.<. I'm hoping it was VERY recent, as that would save me a shitton of headaches.
Seems no one has that info at the moment.
|
I changed my password just in case. Thanks for the warning!
|
from what i understand, mprs is correct. the exploit has been around for awhile but has only been made public now so it could have happened any time. the fact that certain accounts were suddenly misused and hacked doesn't give hard evidence as to when the breach actually took place. we'll probably have to wait for GOMs statement for that
|
No one should assume anything about when it was hacked/cracked. It's lucky we even know about it as if the user hadn't posted the screenshot no-one would be the wiser. Also, we can't know no one already used the same exploit he did previously.
Anyone who used the same password on GOMTV elsewhere should change it immediatly.
|
On August 13 2011 07:49 Day[9] wrote: Anyone know WHEN the passwords were hacked? I changed my pw about a week or two ago >.<. I'm hoping it was VERY recent, as that would save me a shitton of headaches.
There isn't a way of telling. The only thing to go off was the post of the image, which was very, very recent. However, this could have happened weeks, possibly months ago, and gone unnoticed. I would take the extra precaution if I were you, but you don't have to worry about any financial information unless your paypal password was the same, ofcourse. Check the sent folder in all your emails and make sure no spam mail got sent. That's when you have to start worrying. And Nice Casting at the Invitational!
|
Do we know if this has been solved? Until we dont know it has been solved its meaningless to change the password.
|
On August 13 2011 07:29 kwaky wrote: Can someone explain to me why I have to change my password to accounts the hacker doesn't know about? If my GomTV password was pass1234 and I used this password for my teamliquid account, why should I change my teamliquid password? The guy who has my GomTV info doesn't know I browse teamliquid, and even if he did, he doesn't know my TL login name. (teamliquid in this case is just an example)
Of course it is recommended to change passwords to everything to be safe, but technically there is no reason to change any passwords, right? (except for your e-mail, granted you use the same password)
There is a good chance that the information was stolen for a reason and that whoever did it will be looking to use the information in a specific way. I don't think it would be for credit card numbers etc, because as R1CH said, all transactions on gomtv.net are done through paypal. Personally, I use the same email for gomtv.net and my battle.net account, and I am sure I am not alone. If you also use the same password for both accounts, your battle.net account can be compromised as well (and your email for that matter). With such access to your personal information, somebody who knows what they're looking for can find a lot of information about you and probably get whatever they are looking for, whether it be credit card numbers or whatever.
I don't know if this is related in any way, but I received an email this morning from Blizzard saying they were investigated my battle.net account because they suspect that I have been trying to sell my World of WarCraft account (which has been inactive for months, as in I am not paying for it and cannot play the game). I received this email literally within an hour after reading this thread about GOM being compromised, and I am also on a very new computer which I am very careful with as far as viruses etc. Nor have I been trying to sell my somewhat worthless WoW account... which is also on the same battle.net account as my SC2, lol.
These incidents may be unrelated, I am not sure yet and I'm waiting for Blizzard to give me more information on the situation (which they probably won't). However, my point is that there are ways for people to hurt you even with limited information, unless you are very good about keeping yourself secure by using many different usernames, passwords, and email addresses, for your accounts on battle.net, websites you use, etc.
|
On August 13 2011 06:08 Integra wrote: what, they used plain text to store the password....... WTF, encryption is a build in feature in PHP and there existst thousands of professionally made salt functions out there. WHY are people so dammn retarded when it comes to security! Stupider than not encrypting your passwords is allowing SQL injection in the first place.
Ok, same level of stupidity.
|
Man I hope this isn't why I couldn't sign into my e-mail and have to change my password because of account lock.
|
On August 13 2011 07:58 ApBuLLet wrote:Show nested quote +On August 13 2011 07:29 kwaky wrote: Can someone explain to me why I have to change my password to accounts the hacker doesn't know about? If my GomTV password was pass1234 and I used this password for my teamliquid account, why should I change my teamliquid password? The guy who has my GomTV info doesn't know I browse teamliquid, and even if he did, he doesn't know my TL login name. (teamliquid in this case is just an example)
Of course it is recommended to change passwords to everything to be safe, but technically there is no reason to change any passwords, right? (except for your e-mail, granted you use the same password) There is a good chance that the information was stolen for a reason and that whoever did it will be looking to use the information in a specific way. I don't think it would be for credit card numbers etc, because as R1CH said, all transactions on gomtv.net are done through paypal. Personally, I use the same email for gomtv.net and my battle.net account, and I am sure I am not alone. If you also use the same password for both accounts, your battle.net account can be compromised as well (and your email for that matter). With such access to your personal information, somebody who knows what they're looking for can find a lot of information about you and probably get whatever they are looking for, whether it be credit card numbers or whatever. I don't know if this is related in any way, but I received an email this morning from Blizzard saying they were investigated my battle.net account because they suspect that I have been trying to sell my World of WarCraft account (which has been inactive for months, as in I am not paying for it and cannot play the game). I received this email literally within an hour after reading this thread about GOM being compromised, and I am also on a very new computer which I am very careful with as far as viruses etc. Nor have I been trying to sell my somewhat worthless WoW account... which is also on the same battle.net account as my SC2, lol. These incidents may be unrelated, I am not sure yet and I'm waiting for Blizzard to give me more information on the situation (which they probably won't). However, my point is that there are ways for people to hurt you even with limited information, unless you are very good about keeping yourself secure by using many different usernames, passwords, and email addresses, for your accounts on battle.net, websites you use, etc.
The blizzard mail is fake.
|
How a site with money transactions can have such bad safety is strange. Passwords in plain text is so 1992.
Have a unigue password for gom, that is now changed. Have gom said anything about the new password being safe, or is it stored in the same idiotic way?
|
|
|
|