PDA

View Full Version : Public Announcement - 04/15/2012



Vlada
04-15-2012, 09:38 PM
Public Announcement

April 15th, 2012
The SWGEmu Staff




Last night at around 1AM EST our staff discovered hackers may have obtained personal information from SWGEmu forums and IRC backups. We are today advising the personal information you provided us in connection with your SWGEmu account may have been compromised. Stolen information includes, to the extent you provided it to us, the following: username, email address, birth date and hashed password.


There is no evidence that our main database was compromised. It is in a completely separate and secured environment.


We apologize for the inconvenience caused by the attack and as a result, we have:



Temporarily turned off Liberator server;
Temporarily turned off our website and forums.
Quickly taken steps to enhance security and strengthen our network infrastructure to provide you with greater protection of your personal information.
Reset all the passwords, everyone should be getting an email (from daemon@site.swgemu.com) containing their randomly generated password. As soon as you are able to log on, please follow this link (http://www.swgemu.com/registration/changepassword.php) to change your password.


All those that didnt receive an email containing their new password should contact our support on IRC #swgemusupport channel or by email support@swgemu.com


We greatly appreciate your patience, understanding and goodwill as we do whatever it takes to resolve these issues as quickly and efficiently as practicable.


For your security, we encourage you to be especially aware of email scams that ask for personal or sensitive information. SWGEmu will not contact you in any way, including by email, asking for your personal information. If you are asked for this information, you can be confident SWGEmu is not the entity asking.


To protect against possible identity theft, we encourage you to remain vigilant, to review your account statements and monitor your E-mail, SWGEmu forums, Test Servers and Mantis accounts.


Sincerely,

~ The SWGEmu Team

jedimonkeylizard
04-16-2012, 12:00 AM
And if we are perm logged in that would mean the password isn't corrupted and doesn't need being reset?

Dialgo
04-16-2012, 12:05 AM
Silly hackers trying to mess up a good thing...Keep up the good work!

nealoc187
04-16-2012, 12:08 AM
what does "hashed password" mean?

Vlada
04-16-2012, 12:16 AM
what does "hashed password" mean?

Password Hashing (http://phpsec.org/articles/2005/password-hashing.html)


And if we are perm logged in that would mean the password isn't corrupted and doesn't need being reset?

Perma logged or not, your password was changed, you will be logged on forums but you wont be able to log in game.

Chuparua
04-16-2012, 12:19 AM
Must've been Brokovo, I hear he's always hackin SWGEmu.

buckyboo
04-16-2012, 12:22 AM
so what does it mean if the big database was compromised?

lordkain
04-16-2012, 12:24 AM
Silly hackers get a epic fail for this one!

Vlada
04-16-2012, 12:28 AM
so what does it mean if the big database was compromised?

Hackers may have forums and IRC info, IP's, user accounts info, blah, blah. blah.

sgtfunkadelic
04-16-2012, 12:33 AM
Thanks for resolving this issue so quickly and keeping us informed throughout. If this had happened to sony they probably would have shut down their service for a fortnight :)

Vlada
04-16-2012, 12:35 AM
This has been a long, long day.

Superjebus
04-16-2012, 01:01 AM
Thanks for the update, and the quick resolution. SWGEmu FTW.

Asoulan
04-16-2012, 01:03 AM
edit: nevermind...problem solved :)

Someoneimportant
04-16-2012, 01:13 AM
Hahahahahahhaa

na85
04-16-2012, 01:17 AM
Last night at around 1AM EST our staff discovered hackers may have obtained personal information

You discovered personal info had been compromised at 1AM and don't post about it until the next evening?

Why is it that this project is continually plagued by unprofessionalism?

Explain to me please why a site-wide email wasn't sent out immediately upon discovery like every other major community would do?

sgtfunkadelic
04-16-2012, 01:23 AM
You discovered personal info had been compromised at 1AM and don't post about it until the next evening?

Why is it that this project is continually plagued by unprofessionalism?

Explain to me please why a site-wide email wasn't sent out immediately upon discovery like every other major community would do?

How long do you think it took a 'professional' organization like SOE to inform its customers that their personal info might have been compromised when they had their hack ordeal last year? I think your expectations are slightly unrealistic.

na85
04-16-2012, 01:30 AM
Hahaha are you implying SOE is professional?

sgtfunkadelic
04-16-2012, 01:34 AM
Hahaha are you implying SOE is professional?

er no...that was sarcasm :)

swedefrog
04-16-2012, 02:20 AM
I just logged in to game with my normal password and have had no email and support@swgemu.com says "default mail client not properly instaled" ????? please help....

tonsters525
04-16-2012, 02:30 AM
Joker stealing money again?

eville
04-16-2012, 03:00 AM
glad to see the compromise was detected, keep up the good work!

RheonSen71
04-16-2012, 03:10 AM
Hmm....I never received a PW reset e-mail and just sent an e-mail concerning it. Interestingly enough I just logged on to the forums here with my old PW.
I was on the site at the time it shut down. I was going through the process of reinstalling the game on my new rig and the site went down as I went to DL the launchpad installer.

buckyboo
04-16-2012, 03:10 AM
You discovered personal info had been compromised at 1AM and don't post about it until the next evening?

Why is it that this project is continually plagued by unprofessionalism?

Explain to me please why a site-wide email wasn't sent out immediately upon discovery like every other major community would do?

Because maybe they didn't have enough info at the time, grow up and deal with it.

KrazyTrumpeter05
04-16-2012, 03:21 AM
You discovered personal info had been compromised at 1AM and don't post about it until the next evening?

Why is it that this project is continually plagued by unprofessionalism?

Explain to me please why a site-wide email wasn't sent out immediately upon discovery like every other major community would do?

Is this post for real? *twilight zone*

JennieRoe
04-16-2012, 03:30 AM
You discovered personal info had been compromised at 1AM and don't post about it until the next evening?

Why is it that this project is continually plagued by unprofessionalism?

Explain to me please why a site-wide email wasn't sent out immediately upon discovery like every other major community would do?

I'd rather they take the site and servers down and address the security issue, THEN worry about sending me an email. But that's just me.

Also I was not awake at 1am anyway.

Cegati
04-16-2012, 03:54 AM
/Soapbox

Whether or not the report was done soon after the incident or not is irrelevant. Whether or not you got an e-mail is irrelevant.

Here's what IS relevant:

There was a potential breach of security. That said, your password might be compromised. Regardless of whether or not it actually happened, the alert has been given. Now get off your duffs and change your password, if only to be on the safe side.


/EndSoapbox

MichaelRahl
04-16-2012, 03:57 AM
Of all the rotten bull****! To hack an open source free project made by the players, for the players?
Really? AND if I hear anyone say the word anonomys did this, I'll be quite upset, because those guys arent supposed to stand for this sort of kiddie bull****!
How does it feel, to have damaged a FREE AND OPEN SOURCE COMMUNITY PROJECT? Does it make you feel like a big billy bad-***?
What did you get out of it? Nothing, thats what you got.
This is what is wrong with the world, people that are just mad at it, need to target their anger better. Go hack the CIA or something you dumbasses, really?...

god333
04-16-2012, 04:48 AM
I am glad to see that it was contained. I also agree with cegati. Change your password and be aware of email's. Not like its the end of the world. We survived and will continue on. Not to mention at least it was caught that someone attacked and now we have better security. Hell maybe next time we'll find out who the bastard(s) is/are and give him something hell never forget.

spima
04-16-2012, 06:15 AM
hi all,

just a quick question: i recieved 5 emails from "daemon" - 1 at 23:22 (my time) telling me a password "A" - and at 23:58 i recieved 4 emails telling me password "B" (A and B stand for the generated password you send me - and password B is working)

im just curious and would like to know if this happened to anyone else and it should be like that.

regards,
richard

vasilij
04-16-2012, 06:44 AM
hehehe iv already recieved 2 phising attempts - "password changes attempt has been made to your account 'vasilij'" - sent by SOE apparently :b
Seems the data is being used to steal SoE accounts... good job...

Vlada
04-16-2012, 07:28 AM
You discovered personal info had been compromised at 1AM and don't post about it until the next evening?

Why is it that this project is continually plagued by unprofessionalism?

Explain to me please why a site-wide email wasn't sent out immediately upon discovery like every other major community would do?

We notified everyone on Facebook, Twitter and Google+, Acebalde spammed Nova with system messages, MOTD was changed in our main IRC #swgemu and several other channels.

We couldn't send an email notification to everyone, because the server that holds that data was the server that was attacked and it was taken down for security reasons.


I just logged in to game with my normal password and have had no email and support@swgemu.com says "default mail client not properly instaled" ????? please help....

It means that you dont have an email client installed, download and install Thunderbird or something like that.


hi all,

just a quick question: i recieved 5 emails from "daemon" - 1 at 23:22 (my time) telling me a password "A" - and at 23:58 i recieved 4 emails telling me password "B" (A and B stand for the generated password you send me - and password B is working)

im just curious and would like to know if this happened to anyone else and it should be like that.

regards,
richard

Yeah, i got 5 emails with 2 different passwords. There were two attempts to reset passwords, first timed out so we had to start another one after that timeout was disabled.

Audune
04-16-2012, 08:04 AM
=/

Not exactly what I'd expected getting emails from here, heh.

eisai
04-16-2012, 08:05 AM
Good work guys. This kind of crap could really throw some off the project, but you just keep plodding on!

Thorwine
04-16-2012, 08:16 AM
Thanks to the SWGEmu-Team for the good problem solving! Also thanks for the very quick password-support on the IRC...

Revanis
04-16-2012, 08:26 AM
Holy crap it's Audune.

Vlada
04-16-2012, 08:30 AM
Indeed it is.

LucidD
04-16-2012, 08:36 AM
I have another account and the password has been changed already, I assume...as I have failed 2 of 5 login attempts. It was my main account.

LucidD
04-16-2012, 08:44 AM
Just checked my email and found 5 password resets.

Valkyra
04-16-2012, 08:50 AM
=/

Not exactly what I'd expected getting emails from here, heh.

What kind of email WERE you expecting? =p

LDream5
04-16-2012, 08:58 AM
Got my account back, but can't login to game with it.

Auq-Din
04-16-2012, 09:00 AM
No email with the password reset yet. Has everyone been emailed?

Vlada
04-16-2012, 09:24 AM
Got my account back, but can't login to game with it.


No email with the password reset yet. Has everyone been emailed?

Please use SWGEmu - pass change (http://www.swgemu.com/registration/changepassword.php) to change your passwords.

LDream5
04-16-2012, 09:40 AM
Please use SWGEmu - pass change (http://www.swgemu.com/registration/changepassword.php) to change your passwords.

Had to change it twice. I did that the first time, but it only let me login to the forums and not the game. Tried it again and now I am back in business...

Revanis
04-16-2012, 10:00 AM
If your password works on the forums but not the game, then just use the Change Password page (http://www.swgemu.com/registration/changepassword.php) to change to another new password. Do NOT re-use an old password; not only is it risky but it may not be recognized by the system.

The now even newer password should then be able to be used on both the forums and the game client.

Merkor
04-16-2012, 10:11 AM
I have another account and the password has been changed already, I assume...as I have failed 2 of 5 login attempts. It was my main account.

Multiple Accounts arent Allowed, or has this been changed? I mean, they are not Allowed to have more then One Account.

Revanis
04-16-2012, 10:19 AM
Multiple Accounts arent Allowed, or has this been changed? I mean, they are not Allowed to have more then One Account.

It's not, he just decided to get it banned though.

Laron
04-16-2012, 10:38 AM
i never received the email, but you did change my password, or the hackers did, as i cant log in game. i'm lucky that i auto log here, or i'd be stuck out of here too. i got the password reset though, using "forgotten password" option then password reset. not complaining mind you. you did what you had to, to protect everyone's accounts and info. keep up the good work

edit: loggin in game just fine now with the new password *salutes*

Theron
04-16-2012, 02:16 PM
Joker stealing money again?

winner winner, chicken dinner.

bagracer
04-16-2012, 03:19 PM
Just wanted to say, you all showed the big companies the way hacking recover should be done, good job!. I did not receive a password change, but it was simple to use my change password option and never missed a beat. Seems crazy something like this would get hacked, but oh well, just shows how much attention you are attracting :) thanks very much for all your efforts at recreating what was for me as a long time veteran of mmo's the best ever, precu swg.

lordkain
04-16-2012, 03:54 PM
Maybe it was SOE/Lucasarts doing it getten a list so they can sue everyone for using there game!!Since TOR is tanking so bad!!They need a new way to bring money in.

Xiaminou
04-16-2012, 04:02 PM
I haven't received any e-mail, am I doing something wrong?

Vlada
04-16-2012, 04:07 PM
I haven't received any e-mail, am I doing something wrong?

Make sure you are checking the correct email account and if you are check in spam folder.

Or you can just change your password manually with: SWGEmu - pass change (http://www.swgemu.com/registration/changepassword.php)

darthlogan
04-16-2012, 04:38 PM
Someone should hack his stupid video on youtube and make him look more pathetic than he is (if possible). Parents should smack some sense into kids sometimes.

cuzz we all know who pay for this!! (yes because you suck, even at making SWGEMU hatred videos).

LordSniper
04-16-2012, 04:42 PM
I don't understand why some people can't use their hacking skills and put them to better use instead of doing something as stupid as they did...

chayn
04-16-2012, 04:43 PM
OK... who got banned recently..

Thanks Team.. :)

Xiaminou
04-16-2012, 05:12 PM
Make sure you are checking the correct email account and if you are check in spam folder.

Or you can just change your password manually with: SWGEmu - pass change (http://www.swgemu.com/registration/changepassword.php)

Just changed my password manually, thank you!

AZIronman
04-16-2012, 08:30 PM
I can't even change my ****ing password

ashur
04-16-2012, 08:34 PM
I can't even change my ****ing password

chose forgot password, thats what i did :)

AZIronman
04-16-2012, 08:38 PM
The password changer page thing isn't working for me

jedimonkeylizard
04-16-2012, 09:55 PM
You discovered personal info had been compromised at 1AM and don't post about it until the next evening?

Why is it that this project is continually plagued by unprofessionalism?

Explain to me please why a site-wide email wasn't sent out immediately upon discovery like every other major community would do?


This is a private concern...not a MMO company with dedicated 24/7/365 QA/CS staff.

If you want to Troll a Staffer here...you'll be lucky to have the ability to log in tomorrow.

Vlada
04-16-2012, 10:06 PM
IRC #swgemusupport channel AZ

Uli
04-17-2012, 12:20 AM
Dun goof'd

Moltov
04-17-2012, 02:39 AM
Thanks so much SWGEmu, for your hard work and quick response. You guys rock!

lei
04-17-2012, 09:38 AM
Quite rude act to deface a community driven project this way. Only fools go around defacing things.

Good to see how calm and professional the team is working on this.

CatLadyMeow
04-17-2012, 10:33 AM
I changed my password, and it required me to log in again (luckily I had not closed this page) and it would not take the new password. I tried it 5 times and then it said I had to wait 15 minutes. I decided waiting to try again was not worth it, obviously something was wrong. What can I do to change this again? I would hate to get locked out of the game because of this.

Vlada
04-17-2012, 10:45 AM
You are able to log on forums so you can use SWGEmu - pass change (http://www.swgemu.com/registration/changepassword.php) to change your password.

AZIronman
04-17-2012, 01:02 PM
IRC #swgemusupport channel AZ

I got in there and they told me to try the same things I've tried countless times. They told me to keep doing it and now I've tried for hours and no luck

Theron
04-17-2012, 01:16 PM
I got in there and they told me to try the same things I've tried countless times. They told me to keep doing it and now I've tried for hours and no luck

It's prob better this way.

cyrisszyonn
04-17-2012, 02:41 PM
You discovered personal info had been compromised at 1AM and don't post about it until the next evening?

Why is it that this project is continually plagued by unprofessionalism?

Explain to me please why a site-wide email wasn't sent out immediately upon discovery like every other major community would do?

This Happened on april 15th. I don't know if you seen the date or not? FYI

Revanis
04-17-2012, 02:43 PM
I got in there and they told me to try the same things I've tried countless times. They told me to keep doing it and now I've tried for hours and no luck

Then send an email to support@swgemu.com and say that, and ask if your password can be force reset or force set.

CaptainPickle
04-18-2012, 02:26 AM
You discovered personal info had been compromised at 1AM and don't post about it until the next evening?

Why is it that this project is continually plagued by unprofessionalism?

Explain to me please why a site-wide email wasn't sent out immediately upon discovery like every other major community would do?


Maybe because they are not doing this professionally, nor are we paying them. they are what is known as volunteers. And although we get what we pay for most times you have to admit we get a whole helluva lot for free.

Lobreeze
04-18-2012, 02:33 AM
so wipe huh?

THEXMAN
04-19-2012, 07:01 PM
Needed to update my password anyways.

lordunix
04-19-2012, 08:56 PM
This has been a long, long day.

I hear ya brother. Spent last 26 years dealing with systems and those trying to "break in" to them. Not much fun is it.

RowdyGowdy
04-20-2012, 05:26 AM
You are able to log on forums so you can use SWGEmu - pass change (http://www.swgemu.com/registration/changepassword.php) to change your password.
Will do... :)

Vlada
04-20-2012, 05:33 AM
I hear ya brother. Spent last 26 years dealing with systems and those trying to "break in" to them. Not much fun is it.

No, no its not.

spima
04-20-2012, 09:51 AM
what happend to the password change site ? it continuesly tells me that my "old" password is inncorrect (which is kinda weird cause it is allready filled in automatically) and so i cant change my password. and the login server doesnt let me in with the "old" password.
i allready tried resetting the password and it still doesnt work.

rgds, richard

wrrlykam
04-20-2012, 09:55 AM
I had no email, my old password was still working fine on the 19th. Changed my old password anyway just to be safe.

Vlada
04-20-2012, 09:56 AM
what happend to the password change site ? it continuesly tells me that my "old" password is inncorrect (which is kinda weird cause it is allready filled in automatically) and so i cant change my password. and the login server doesnt let me in with the "old" password.
i allready tried resetting the password and it still doesnt work.

rgds, richard

1. You need to reset your pass
2. Log on forums with the pass you get in the email
3. Then change it after that using: SWGEmu - pass change (http://www.swgemu.com/registration/changepassword.php)
4. And verify that it was successful by re-logging on forums and logging in game.
4.1. If you cant log on forums, repeat the whole process
4.2. If you can log on forums but not in game, just repeat number 3

spima
04-20-2012, 10:25 AM
hello vlada, thx for fast response.
i did:
1. log out
2. try to log in with wrong pw do get the message to get the password reset
3. followed both mails
4. go to the page you linked
5. typed in new password 2 times and the capthca (username and the old password are prefilled)

-> message appears: The current password you entered was invalid or did not match the password on file. This field must be completed.

any idea ?
rgds, richard

gordonh
04-20-2012, 10:51 AM
It sounds like the original pass field is being filled in my your browser and it's using the wrong one.

Vlada
04-20-2012, 10:53 AM
Try using one of the old passwords.

AZIronman
04-21-2012, 07:53 AM
Is the PW changer page thing supposed to prompt a captcha?

Vlada
04-21-2012, 08:10 AM
Send an email to support@swgemu AZ.

TheSpidy
04-21-2012, 09:37 AM
i have exactly the same problem, no matter if i copy paste the password or type it. also...
am i the only one with trouble passing the humanity check? its very difficult for me...

cheers


hello vlada, thx for fast response.
i did:
1. log out
2. try to log in with wrong pw do get the message to get the password reset
3. followed both mails
4. go to the page you linked
5. typed in new password 2 times and the capthca (username and the old password are prefilled)

-> message appears: The current password you entered was invalid or did not match the password on file. This field must be completed.

any idea ?
rgds, richard

Vlada
04-21-2012, 10:49 AM
Always try one of the older passwords and if all else fails, email support@swgemu.com

snaggy3
04-21-2012, 12:26 PM
Did thi put us back on the server wipe and update?

Vlada
04-21-2012, 01:03 PM
Maybe a bit, but not too much.

AZIronman
04-21-2012, 03:28 PM
Send an email to support@swgemu AZ.

I did, it didn't help at all

Vlada
04-21-2012, 04:25 PM
Come to IRC #swgemusupport channel we can try again, and again...

Funky_Dung
04-21-2012, 10:57 PM
Once you reset your password and have it sent to your e-mail, use that password as the "current" password. Then create a happy new password and be sure to dot your "t's" and cross your "eyes." http://www.swgemu.com/registration/changepassword.php

Audune
04-23-2012, 05:57 PM
What kind of email WERE you expecting? =p

"Ohgodohgod its done!" or "Ohgodohgod we're all going to die!"

But heh, whatever. At least someone is still paying attention to the backend ****.

Theron
04-24-2012, 12:34 AM
"Ohgodohgod its done!" or "Ohgodohgod we're all going to die!"

But heh, whatever. At least someone is still paying attention to the backend ****.

i miss you, please join IRC and be friends with me

RowdyGowdy
04-24-2012, 05:04 AM
Interesting, it seems ALL of SOE is down for "maintenance" once again... coincidence, I think not.

http://forums.station.sony.com/station/posts/list.m?topic_id=11500042008


Maintenance Notice: Monday, April 23, 2012 24 Hours!

Important: We will perform maintenance beginning at 12:01AM Pacific* on April 23, 2012. This will impact the following services:

Login for our games WILL be affected from 12:01 AM Pacific* to approximately 11:59 PM Pacific*
Commerce transactions, including purchases on our websites and in-game marketplaces will be unavailable between from 12:01 AM Pacific* to approximately 11:59 PM Pacific*
Account management will be unavailable starting 12:01 AM to approximately 11:59 PM Pacific*
Forums will be read-only starting at 12:01 AM to approximately 11:59 PM Pacific*
All Games will be unavailable starting 12:01 AM to approximately 11:59 PM Pacific*

We apologize for this interruption and will resume all affected services as soon as the maintenance is completed.

Vlada
04-24-2012, 05:34 AM
Interesting, it seems ALL of SOE is down for "maintenance" once again... coincidence, I think not.

http://forums.station.sony.com/station/posts/list.m?topic_id=11500042008

How exactly is that interesting and what does it have to do with us?

AZIronman
04-24-2012, 08:06 PM
I had to use a different computer to get the captcha to show up so i could change my password

xyborn
04-24-2012, 08:57 PM
lol @ this news

burf2000
04-25-2012, 01:11 PM
Surely hackers have better things to do like hack banks, online store etc

THEXMAN
04-25-2012, 07:43 PM
How exactly is that interesting and what does it have to do with us?

Its a conspiraSOE

Vlada
04-25-2012, 08:55 PM
Its a conspiraSOE

Of course it is.

RowdyGowdy
04-28-2012, 11:00 PM
Its a conspiraSOE

Of course it is.
http://i48.tinypic.com/8xljkn.png

Vlada
04-28-2012, 11:37 PM
http://i48.tinypic.com/8xljkn.png

Occam's razor (http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&ved=0CDYQFjAA&url=http%3A%2F%2Fen.wikipedia.org%2Fwiki%2FOccam's _razor&ei=In-cT8jALMvIsgaelYR-&usg=AFQjCNF84W7jolTAzmttuT6WBHtaRGB1XA)




I think its time to put this behind us and move on.