Telstra GameArena and GamesShop websites hacked
do0b
Brisbane, Queensland
4330 posts
Telstra reset all user password because their sites were hacked.
They also have this message on their website home pages:
Security Advisory
We have reset the passwords of GameArena and Games Shop customers, after the sites were victims of a hacking attack.
Information that might have been obtained was limited to BigPond Games usernames, the email address used to join the site and the encrypted GameArena and Games Shop passwords.
No financial or credit card details were kept on the sites.
While your password for access to the site has been changed, and the new password has been emailed to you, we encourage you to change it at any other site where you might have used the same password.
Telstra BigPond Broadband password details, used for games service access, have not been affected.
If you have not received an email with your new password, please click here.
|
Clubby
Brisbane, Queensland
847 posts
Wonder how many people use the same password for their email address. Then the hacker could just log into their email and get the new password etc.
|
Dazhel
Gold Coast, Queensland
4876 posts
Gamearena hacked? I guess that explains the review score discrepancy then, 6.5 vs 9.2
*ducks* |
mongie
Brisbane, Queensland
7570 posts
The hacking attack occurred on the servers of a third party company that runs Telstra BigPond's GameArena and Games Shop websites, the telco said in a statement this morning.
So, how is everyone at Mammoth today?
|
Mass
Brisbane, Queensland
1200 posts
So, how is everyone at Mammoth today?
Yeah I don't think they are going to be finding much funny today......
|
skythra
Brisbane, Queensland
5583 posts
Wonder how many people use the same password for their email address. Then the hacker could just log into their email and get the new password etc.
Specifically, i have a totally and completely different password for my email and any forum login.
This is mostly because in the olden days, PHP forums used to sell or their databases would be hacked just to get emails to spam mail the users.
Or they'd just have really simple bots just going through passwords. But you'd see them trying to bruteforce attack accounts.
Hence i have about 7 passwords; The really shitty password that would allow access to only really shitty things, websites that i never cared about, higher than that is a diverse set of passwords which aren't too important i use 3 mainly for forums i like, and emails that i like, my emails never have the same password as any forum (my username and my email can easily be linked :P, skythra at gmails and skythra at hotmails etc). Then finally i have stuff like my netbank passwords, paypall passwords etc. These things consist of letters and numbers and capital with an unusual character where i can. They're variations of the same theme, numbers and capitals just changed around.
I have had this kind of 'layered' password security for a while probably since i was about 16. Though my passwords aren't the same lol. back then netbank and paypal didn't exist... actually i think they might have but i didn't have them.
|
thermite
Brisbane, Queensland
9669 posts
In the olden days your password was in the query string (in the url) of the forum, so when someone clicked a link on the forum to your page you could just record the referer and get their password.
I have a similar system to skythra, except my "shitty website" passwords are only 4 to 5 characters long. So it becomes very annoying when a "shitty website" decides it's an "oh so important security website" and makes you type in an 8 character password with letters, numbers, and other convoluted rules that don't fit into my system.
last edited by thermite at 11:05:41 24/May/12
|
andrewus
Brisbane, Queensland
2758 posts
lol gamearena gave diablo 3 a 6.5 ? lol
|
gamearena gave diablo 3 a 6.5 ?
Finally a realistic review.
|
DecayingCorpse
Brisbane, Queensland
2010 posts
Hogfather
Cairns, Queensland
12458 posts
GameArena website hacked
Didn't mammoth write some code for GA back in the day? - No surprises there then eh.
|
andrewus
Brisbane, Queensland
2759 posts
gamer i think mammoth run most of these services for telstra.
|
andrewus
Brisbane, Queensland
2760 posts
Telstra said the site is operated by a third party, so other Telstra customers shouldn’t be affected.
|
Hogfather
Cairns, Queensland
12459 posts
Wow, that's a bit mean gamer.
|
ravn0s
Brisbane, Queensland
15176 posts
i can't even remember what my gamearena password was
|
Reverend Evil™
Wynnum, Queensland
20497 posts
Coolies, just changed my password. Now, is it too early to talk about some type of compensation or should I wait a bit?
|
scuzzy
Brisbane, Queensland
15358 posts
So it becomes very annoying when a "shitty website" decides it's an "oh so important security website" and makes you type in an 8 character password with letters, numbers, and other convoluted rules that don't fit into my system. my annoyance is when there's maximum length limits, eg battlenet and hotmail have a limit of 16
|
ravn0s
Brisbane, Queensland
15179 posts
So it becomes very annoying when a "shitty website" decides it's an "oh so important security website" and makes you type in an 8 character password with letters, numbers, and other convoluted rules that don't fit into my system.
how dare they try and make your passwords more secure.
|
Mass
Brisbane, Queensland
1201 posts
Bah
Brisbane, Queensland
4707 posts
Was there a crossover in the qgl/GA logins at one point, because i seem to recall my GA account being made from my qgl one or something, but it was so long ago i may be mistaken.
So this may effect qgl as well?
|
Scooter
Brisbane, Queensland
5876 posts
how dare they try and make your passwords more secure.
/Insert XKCD comic about passwords here.
|
typo
Other International
6496 posts
Wow, that's a bit mean gamer.
Pretty fair though.
|
tension
Melbourne, Victoria
7059 posts
Maybe this has to do with why I am seeing ad's even tho I am logged in
|
Obes
Brisbane, Queensland
9655 posts
Luckily my password for here was only ever used here.
but were you at least hashing the passwords ? if so with what (lawls if it is rot13)
|
3x0dus
Townsville, Queensland
1632 posts
Hope it works out ok for Mammoth and they can restore confidence for Telstra.
Last Telstra third party vendor that had security issue is on the short boat to replacement.
|
infi
Brisbane, Queensland
18748 posts
lolz who would use gamearena...
|
Jc_23
Brisbane, Queensland
771 posts
Gamearena rocks yo. Also, giving rot to the virtual pioneers of the on and offline gaming world in Aus and have remained on the edge ever since is a bit harsh, and on a site they let you post on to boot! Armchairs are comfortable though I guess. (/Tony Greig voice) :p
|
Luckily my password for here was only ever used here.
but were you at least hashing the passwords ? if so with what (lawls if it is rot13)
well derr, even if all they got was the hashed passwords you'd still forcefully change everyone's passwords ... no point waiting around for them to brute force the ecryption.
|
Whoop
Brisbane, Queensland
19952 posts
Was there a crossover in the qgl/GA logins at one point, because i seem to recall my GA account being made from my qgl one or something, but it was so long ago i may be mistaken.
So this may effect qgl as well?
yeah, oldschool qgl'ers would have had the same account under GA and qgl I think. I know my passwords were the same but then they went separate.
Hence i have about 7 passwords; The really shitty password that would allow access to only really shitty things, websites that i never cared about, higher than that is a diverse set of passwords which aren't too important i use 3 mainly for forums i like, and emails that i like, my emails never have the same password as any forum (my username and my email can easily be linked :P, skythra at gmails and skythra at hotmails etc). Then finally i have stuff like my netbank passwords, paypall passwords etc. These things consist of letters and numbers and capital with an unusual character where i can. They're variations of the same theme, numbers and capitals just changed around.
Every site I sign up to has a different password, all my emails are different too.
|
Nathan
Brisbane, Queensland
4015 posts
From the released information
Information that might have been obtained was limited to BigPond Games usernames, the email address used to join the site and the encrypted GameArena and Games Shop passwords.
Emphasis mine |
tspec
Melbourne, Victoria
3535 posts
Hope it works out ok for Mammoth and they can restore confidence for Telstra.
Yeah, that was my first thought as well.
|
Jc_23
Brisbane, Queensland
779 posts
I have been giving this some thought - as you do, and am seriously interested as to who/m is responsible for this heinous event and their motives - it's not like it's an everyday event in Inarweb world and some sites are stating that it's one of the worst ever, comparing it to the Sony hack and saying it supersedes it etc? Part of me wishes I was still in the know so I could understand it all TBH.
They should be in phe4r of lawful retribution though, that is for sure - this kind of behaviour carries quite a significant period of incarceration these days, right? Sort of scary that at the push of the button people/1(one) person can have such a powerful influence over firms/people/corporations' reputations/finances etc, even more so when you consider the tech prowess of the people on the receiving end in this instance. I hope it never happens to my business/es TBH.
*wishes for a swift resolution* :( ;)
|
Khel
Brisbane, Queensland
19148 posts
Didn't they get credit card details in the Sony one? And hundreds of thousands of accounts? That sounds many magnitudes worse to me.
|
Eorl
Brisbane, Queensland
6766 posts
Not really Jc, it was simply username/passwords with no credit card details. I don't know why the media is convincing people that this is worse then Sony when they actually lost PSN accounts, credit card details etc. Maybe its just Telstra, and thus the warranted hate ensues?
|
greazy
Brisbane, Queensland
5371 posts
Hay guys lets post some dirty stuff while the admins are busy.
|
ravn0s
Brisbane, Queensland
15200 posts
did telstra list all their bigpond users info on the net last year?
|
TufNuT
I like eel pie
Brisbane, Queensland
3883 posts
did telstra list all their bigpond users info on the net last year?
yeah, an internal page was accessible online, people had access to account info including account password..
|
Whoop
Brisbane, Queensland
19982 posts
still no email telling me to change my ga password
|
still no email telling me to change my ga password
do you still have your bigpond email address? that's what I see when I look at your GA account
|
Jc_23
Brisbane, Queensland
782 posts
Thanks for the heads up Khel and Eorl (how is your dream job going btw?). I take it all with a grain of salt TBH and like hearing info from the horses mouth. I too was thinking that it was the uber punch behind the Telstra brand that drew so much attention despite the fact that the breach was relatively low level and there must have been layered protection or something? Why didn't they go the full malicious monty though? Shrugs, it is amazing how quickly stuff changes in this world - I spent the better part of 25 years at least 5 hours a day on the puteys and despite having a formal qualification ontop of that I feel like I'm only qualified to service Vn Commodores or Ea Falcons, lawls. :)
|
Obes
Brisbane, Queensland
9658 posts
I also have no had an email informing of the hack and to change my password.
|
Persay
Brisbane, Queensland
7526 posts
Mammoth should take a page from the andrew ettingshausen book of pr and not say anything to anyone about their failures and continue to make phat bank
|
typo
Other International
6497 posts
like hearing info from the horses mouth.
I'm pretty sure that the "masters of the www" have legal advice to shut their pie holes. Which would be fair advice.
I hope they have a theme song.
|
typo
Other International
6498 posts
Obviously Skeletor is finally coming good on his plans to invade Catle Greyskull
 |
greazy
Brisbane, Queensland
5375 posts
thermite
Brisbane, Queensland
9682 posts
Trog always looks like a criminal
- A pirate with a bandana
- A thug with a hoodie
- A catburglar with nightvision goggles
|
Dazhel
Gold Coast, Queensland
4889 posts
- A cat5 burglar with nightvision goggles
|
greazy
Brisbane, Queensland
5377 posts
- A studious cat5 burglar with nightvision goggles
|
shad
Brisbane, Queensland
3728 posts
Probably uses the cat5 to climb between buildings.
|
Whoop
Brisbane, Queensland
19984 posts
do you still have your bigpond email address? that's what I see when I look at your GA account
hmmm which one? I do have a bigpond email that I've had for ages but... BUT! I did have a different one ages ago because after we signed up, they brought in that 3gig cap thing so I pissed them off and when they got rid of it I came back.
I'll go check the account settings & see if it's the right one.
edit: tried to log in, told me I was using my old password and that I can click a link to reset it. worked like a charm. It's got my correct email btw.
|
typo
Other International
6499 posts
Hahah typo you are such a faggot.
But am I the master of the faggots? If so, I should get a cape with a big QGL with it on.
I'm also very interested in digital civil liberties and enjoy keeping up with the latest developments in law as it relates to issues such as copyright, privacy and security.
Obviously that doesn't mean internet security, but rather the Scrooge McDuck vault that he keeps his money bags from QGL LANs.
EDIT: Can't spell Scrooge. last edited by typo at 17:30:36 29/May/12
|
thermite
Brisbane, Queensland
9684 posts
Isn't typo like a disgruntled ex-QGL admin?
|
Saint
Cainer
Brisbane, Queensland
3187 posts
We always leave our back doors open for you Typo *wink*
|
Jc_23
Brisbane, Queensland
784 posts
Trog 'the male model' Sutcliffe!? :p
|
Reverend Evil™
Wynnum, Queensland
20508 posts
I might have found an error with the second line. Should that be "experienced"? My grammar skills are horrible so I could be wrong.
 |
Mantra
Crusty old man
Brisbane, Queensland
3063 posts
I might have found an error with the second line. Should that be "experienced"? My grammar skills are horrible so I could be wrong.
Thanks Rev, fixed that up...
|
This thread is archived and cannot be replied to.
|
PM
WWW