IMPORTANT ANNOUNCEMENT: BREACH OF SECURITY

All you need to know about the happenings of TrueWoW can be found here.
User avatar
Nuko
Former Staff
Posts: 540
Joined: 27 Aug 2010 21:47
Location: United Kingdom

IMPORTANT ANNOUNCEMENT: BREACH OF SECURITY

#1 » Post by Nuko » 08 Oct 2018 10:20

IMPORTANT ANNOUNCEMENT: BREACH

Dear Players,

It has come to our attention that we have recently had a breach of our server's security. We believe that we have now got the situation under control and are continuing to search for any undetected vulnerabilities.

We know that e-mail addresses and password hashes were accessed and it is possible that they may have been leaked.

Password hashes are not plain-text passwords but are essentially encrypted by an algorithm that can only go one way and are thus meant to be unreadable on first glance. However, it is still possible that some of them may have been or could be brute-forced to reveal the original plain-text password, possibly even all of them.

We suggest you take no chances and therefore:
.
CHANGE YOUR PASSWORDS EVERYWHERE WHERE THEY ARE THE SAME AS HERE

.

This includes your personal and non-TrueWoW accounts. E-mail, Facebook, etc.

We offer our most sincere apologies to you, our players, for this lapse in our security. You trust us to keep your information safe, and we try our best to do so, but it appears that was not enough this time. The original hole was quickly locked-down after coming to our attention and we've taken additional measures to beef-up our security all-round. We have spent a few days double checking our code and permissions to make sure there is no remnant backdoor open before making this announcement as it would be worthless to announce it, have you change your passwords while the attacker can re-attack the systems. Now that we are confident your data is safe - please go ahead and change your credentials where possible.

We hope these actions will restore any trust you might have lost in us as a result of this incident.

More detailed information about the breach is to follow soon.
Nuko - In the event of malfunction, please insert tea.
"In the beginning the Universe was created. This has made a lot of people very angry and been widely regarded as a bad move."

User avatar
Jiranthos
Admin
Posts: 1978
Joined: 23 Jun 2015 03:43
Location: Not on your bad side, hopefully

Re: IMPORTANT ANNOUNCEMENT: BREACH OF SECURITY

#2 » Post by Jiranthos » 08 Oct 2018 10:23

Please change your passwords even if no suspicious activity has been seen on your accounts - these password hashes are usually sold to general (not targeting any individual specifically) hackers for password hash dictionaries so your password can be used months or years from now. The effect may not be immediate.

Once more, we express our sincerest apologies for letting this happen to your data and are available to answer any questions you may have about your account or steps that need to be taken to avoid or mitigate any damage.

Everybody knows that the best way to describe the ocean to a blind man is to push him in

User avatar
Jiranthos
Admin
Posts: 1978
Joined: 23 Jun 2015 03:43
Location: Not on your bad side, hopefully

Re: IMPORTANT ANNOUNCEMENT: BREACH OF SECURITY

#3 » Post by Jiranthos » 08 Oct 2018 10:37

Let this fiasco also serve as a reminder to never use the same password twice on multiple sites as your password will be only as safe as the weakest link and you risk the most valuable thing that password has also been used for - usually your e-mail inbox which can then be used to social engineer your friends and coworkers, recover passwords to your other accounts and gather personal information about you and blackmail you.


PLEASE CHANGE YOUR PASSWORDS EVERYWHERE.

Everybody knows that the best way to describe the ocean to a blind man is to push him in

User avatar
Benedictus
Senior Game Master
Posts: 193
Joined: 19 Mar 2018 13:29

Re: IMPORTANT ANNOUNCEMENT: BREACH OF SECURITY

#4 » Post by Benedictus » 08 Oct 2018 12:35

To change your in-game accounts passwords, you do it under "Account" then "Account manager".

To change your Forum passwords you do it like this: Under your profile> User control panel > Profile > Edit Account settings.

User avatar
mummieman
Donor
Posts: 21
Joined: 19 Jun 2017 23:56

Re: IMPORTANT ANNOUNCEMENT: BREACH OF SECURITY

#5 » Post by mummieman » 08 Oct 2018 13:22

tnx for the info and kudos for the quick fix
Image

User avatar
ashpool
Posts: 2
Joined: 24 Oct 2016 22:52

Re: IMPORTANT ANNOUNCEMENT: BREACH OF SECURITY

#6 » Post by ashpool » 08 Oct 2018 14:53

Couple questions:
  1. Were the password hashes salted?
  2. Did they all use the same salt?
  3. If they weren't salted and/or used the same salt, are you going to change this?

User avatar
BlackArcane
Posts: 5
Joined: 17 Feb 2017 09:57
Location: Albany WA
Contact:

Re: IMPORTANT ANNOUNCEMENT: BREACH OF SECURITY

#7 » Post by BlackArcane » 08 Oct 2018 15:08

I have no doubt you guys will get the matter sorted, and I continue to have full faith to you all. I know all TW players appreciate the time and effort the staff put in to make us all safe!
On that note, I shall go make some extreme password changes right now :D
In War, Victory.
In Peace, Vigilance.
In Death, Sacrifice.
-Dragon Age Origins

User avatar
Bloodshade
Posts: 149
Joined: 07 Aug 2014 23:19

Re: IMPORTANT ANNOUNCEMENT: BREACH OF SECURITY

#8 » Post by Bloodshade » 08 Oct 2018 17:23

o no my magic rooster and 200k gold got stolen by chinese hackers, mail them to me gm, thanks
- - -Wrathful chiken - - - - - Salty chiken - - -
ImageImageImageImage

User avatar
Nuko
Former Staff
Posts: 540
Joined: 27 Aug 2010 21:47
Location: United Kingdom

Re: IMPORTANT ANNOUNCEMENT: BREACH OF SECURITY

#9 » Post by Nuko » 08 Oct 2018 17:54

To answer your questions:
  1. Yes, they were salted.
  2. Yes, the salts were all different.
  3. We are looking at further ways to improve them anyway despite the above.
Nuko - In the event of malfunction, please insert tea.
"In the beginning the Universe was created. This has made a lot of people very angry and been widely regarded as a bad move."

User avatar
Regent
Tester
Posts: 375
Joined: 30 Apr 2014 16:11
Location: Darnassus, Teldrassil.
Contact:

Re: IMPORTANT ANNOUNCEMENT: BREACH OF SECURITY

#10 » Post by Regent » 08 Oct 2018 18:41

Thank you for informing us.
Passwords changed. I hope the damage to TW was minimal.
Rest in Peace,
Sarah Melody Jones.
May 20, 1989 - May 12, 2018.
Beloved Girlfriend & Mother-To-Be.
When I close my eyes, I see you.
When I open my eyes, I miss you.

ImageImageImageImageImageImageImageImage
Regent- - - - - - - - -Regentt- - - - - - - - -Regennt- - - - - - - - -Regency

User avatar
Gadoschi
Donor
Posts: 222
Joined: 27 Feb 2015 19:44
Location: Croatia

Re: IMPORTANT ANNOUNCEMENT: BREACH OF SECURITY

#11 » Post by Gadoschi » 08 Oct 2018 20:32

When did this happen exactly?
I need the exact time if you don't mind.
PC
MB: Asus M5A97 R2.0 (AM3+); CPU: AMD FX 8300 (@4,2GHz); GPU: Gigabyte R9 380 4GB GDDR5 (@1,15GHz); RAM: Kingston HyperX Fury 1866MHz (2x4GB Kit); PSU: Coolermaster V550 (80+ Gold); CPU Cooler: LC-CC-120; Case: Antec GX505; Fans: Antec TrueQuiet 120mm x5; Monitor: AOC G2460PF (24'', 1ms, 144Hz, Freesync); Keyboard: Corsair Strafe RGB (Cherry MX Red); Mouse: Logitech G302; Surface: Roccat Taito Mid 5mm

User avatar
Roel
Founder
Posts: 6485
Joined: 17 May 2010 14:51
Location: Planet Earth

Re: IMPORTANT ANNOUNCEMENT: BREACH OF SECURITY

#12 » Post by Roel » 08 Oct 2018 21:44

Gadoschi wrote:
08 Oct 2018 20:32
When did this happen exactly?
I need the exact time if you don't mind.
Last Wednesday night.

User avatar
Kniteknite
Posts: 2087
Joined: 09 Feb 2013 16:40
Location: Great Lakes

Re: IMPORTANT ANNOUNCEMENT: BREACH OF SECURITY

#13 » Post by Kniteknite » 09 Oct 2018 02:08

Thanks for this~
" French fries are like steaks, where the potato is the cow and gets cut up, like meat does, only on a smaller scale. "

User avatar
NoblestHeart
Donor
Posts: 64
Joined: 15 Aug 2015 11:27

Re: IMPORTANT ANNOUNCEMENT: BREACH OF SECURITY

#14 » Post by NoblestHeart » 09 Oct 2018 14:18

I got hacked, put in a ticket to get a piece of gear back and got told "CAN'T DO ANYTHING, GOOD BYE" (This was on Primal 2 - 3 dyas ago now after coming back) Not the first time either. I had a DK on the the True WoW releam and that disappeared after me being away for a long while, I didn't delete. That was a few years back. Got told same response "CAN'T DO ANYTHING, GOODBYE".

User avatar
Ravenseeker
Former Staff
Posts: 167
Joined: 19 Aug 2017 19:45

Re: IMPORTANT ANNOUNCEMENT: BREACH OF SECURITY

#15 » Post by Ravenseeker » 09 Oct 2018 15:19

NoblestHeart wrote:
09 Oct 2018 14:18
I got hacked, put in a ticket to get a piece of gear back and got told "CAN'T DO ANYTHING, GOOD BYE" (This was on Primal 2 - 3 dyas ago now after coming back) Not the first time either. I had a DK on the the True WoW releam and that disappeared after me being away for a long while, I didn't delete. That was a few years back. Got told same response "CAN'T DO ANYTHING, GOODBYE".
That was actually a week ago, before this breach. And the actual response was
We are sincerely sorry for your loss, but there isn't anything we can do about it. Always remember to secure your account.
I was unable to find any logs showing that you had indeed lost this item, possibly due to the age of the issue, and thus i am unable to help in your case.

Locked

Who is online

Users browsing this forum: No registered users and 2 guests