Technetium wrote:What does it mean for a password to be hashed, exactly?
4DEATH wrote:What is your average work/life balance like? I read more about your vacations than I read about you guys working on the game.
Shyyster wrote:So why didn't BMG hear about this data breach from an in-house source before the Reddit post was made on this topic?
Technetium wrote:Is the breach fixed? I figure since I have a smaller number of passwords than things I use passwords for, I should wait until it is fixed before changing the password (though I'm changing other passwords that were the same as the one here).
Shyyster wrote:So why didn't BMG hear about this data breach from an in-house source before the Reddit post was made on this topic?
While this is far from an official statement, one of the several Reddit posts on the subject contains a discussion about why BMG may have kept quiet about this. PyroEagle and Turdpile suggested that if BMG were to speak up about the breach, it could entice other potential hackers to breach the system again and again, since they have been told it is vulnerable.
kristian818 wrote:How come that DeHashed and Have I Been Pwned state to know this from 28th December, yet you write about it now, 5 days later?
https://blog.dehashed.com/town-of-salem ... es-hacked/
They even state they made contact on the phone and email yet no statement just because it is vacation?
There should always be a person with focus on security available for contact during vacations in case something like this happens so customers get to know it ASAP and not 5 days after a breach...
If you thought you could just cover it up then that is even worse.
Why are you using MD5 hashing according to DeHashed and Have I Been Pwned?
MD5 can easily be cracked. Even various tech institutes consider MD5 essentially "cryptographically broken and unsuitable for further use".
It can't be true that a large company like this with 7.6M registered accounts and some paying customers can't handle security correctly and in good time when something happens.
kristian818 wrote:large company
williewest wrote:Shyyster wrote:So why didn't BMG hear about this data breach from an in-house source before the Reddit post was made on this topic?
In-house source? There's like, 7 of them. That's few enough that they all could've been off enjoying their holidays without really checking into their missed calls and emails too intently. I doubt there's a little IT gremlin named Steve who just dwells in the office basement over Holiday break and monitors the intake of contacts.
Everything else is just game related data.
Achilles wrote:kristian818 wrote:large company
Our staff is myself, pyro, shapesifter (community manager), docexer and blueheatwave (Artist).
I'm sorry that this all happened and wasn't responded to quickly enough, but people were on vacation spending time with their families (and his emails went to our spam filter). We aren't a large company; we are an indie company. Yeah, we have a lot of registered users, but it was an F2P game and millions of those accounts played a few games and never came back.
Sting wrote:Everything else is just game related data.
Could you please elaborate on this for clarity? On some 0-Day websites I've seen them reference this as browser analytics data, what exactly was stored here?
Shyyster wrote:williewest wrote:Shyyster wrote:So why didn't BMG hear about this data breach from an in-house source before the Reddit post was made on this topic?
In-house source? There's like, 7 of them. That's few enough that they all could've been off enjoying their holidays without really checking into their missed calls and emails too intently. I doubt there's a little IT gremlin named Steve who just dwells in the office basement over Holiday break and monitors the intake of contacts.
Customers' data possibly being breached should be a top priority issue where the Devs should have a system in place for emails/calls, even if it's 10+ missed calls from X person. At some point the excuse "It's a small team" needs to stop being a defense for BMG screwing up, this is that point.
orangeandblack5 wrote:Now would be a great time to switch to https for the forums too, no? Unless I'm seeing things my browser keeps flashing "WEBSITE NOT SECURE" at me in bright red every time I try to log in lol