Destructoid's User Records Compromised

January 19, 2009 -

Irreverent video game site Destructoid is cleaning up a bit of a mess this morning.

According to an e-mail we received from Destructoid editor Niero, a hacker cracked the site's user database over the weekend:

This is the letter every web site operator hopes he never has to write: it seems a glitch in our web site allowed someone to exploit the database this weekend. We have confirmed that the intruder succesfully obtained everyone's username and password.

As soon as we were alerted we shut down all servers, changed all passwords, took our forums offline, and notified everyone via email... We're doing everything we can do prevent this from ever happening again and deeply apologize for this incovenience.

On the bright side, we intentionally store very little personally identifiable information. However, you may still be at risk: If you frequently use the same password for other web services... we strongly urge you to update your password ASAP...


Destructoid has reported the incident to IC3 (FBI's internet crime complaint
arm)... We are also offering a $1,000 award to anyone with information that leads us to prosecuting the intruder...


Comments

Re: Destructoid's User Records Compromised

I've gotta wonder why they would store passwords in a readable/decipherable form anyways...

Did they store them as plain text? encrypted?

I would hope they would hash the password, so that it can't be read, but only confirmed for login purposes.

Re: Destructoid's User Records Compromised

Thankfully, my E-mail address password is different than Destructoid's.  However, given the quantity of passwords that I have to save for the many different sites, I'm kind of forced to use a set of three common passwords, especially since it's a bit difficult to automatically transfer saved passwords from one comptuer to another. 

I do have a password file, but even that's a bit fatiguing to search each time.  

Re: Destructoid's User Records Compromised

This is why you should ALWAYS be careful about your internet security... some useful tips (that hopefully should be obvious to most) if anyone's interested:

NEVER click a seemingly random link posted on a forum unless its to a site you know and trust... sometimes they might be legit, but sometimes the links contain hidden keyloggers designed to steal passwords and (in the worst cases) credit card numbers (these have been rampant on the WoW forums lately so I thought it'd be worth mentioning)

If you surf a lot... ALWAYS use Firefox with the Noscript addon... a lot of "driveby" spyware downloading is done through javascripts and noscript blocks those unless you whitelist the site (which only takes about 2 clicks)

NEVER, EVER use the same password for two different internet accounts... if one account gets compromised... you lose them all.

ALWAYS download antispyware and antivirus protection and run them regularly (i usually run mine about once every 1-2 weeks, but I dont surf or download much so it may be different for you)... some good free ones are AVG antivirus, Spybot: search and destroy, and Lavasoft Ad-Aware

Hope this helps, feel free to add on to this if i missed anything

"Go ahead and hate your neighbor, go ahead and cheat a friend. Do it in the name of Heaven, Jack Thompson'll justify it in the end." - nightwng2000

Re: Destructoid's User Records Compromised

I jsut downloaded Noscript, thanks.

Re: Destructoid's User Records Compromised

There's a addon for Firefox called passwordmaker that's good as it uses a master PW on your computer and makes a random one for each site you use it on. Also you can get a keystroke scrambler too.

Re: Destructoid's User Records Compromised

luckly I don't use Destructoid. But the lucky ones live to feel guilty, so I feel bad for anyones accounts outside of Destructoid that may have been comprimised, especially ones linking to personal banking accounts and such.

Re: Destructoid's User Records Compromised

A similar thing happened to me some punks hacked a forum I use and then I found I  couldn't get into MSN anymore. Fortunately MS reacted quickly to my E-mail. It wasn't fun though.

Re: Destructoid's User Records Compromised

... Yeah I saw the email. ><; (Luckily my cohorts have a site upgrade in the works, tho the worst I've had to worry about is rogue spambots on our forums :/)

300 Episodes and counting: http://www.orangeloungeradio.com/

400 Episodes, TEN YEARS and counting: http://www.orangeloungeradio.com/ | Voice of Geeks Network - http://www.vognetwork.com

 
Forgot your password?
Username :
Password :

Poll

Did you get a new video game for Christmas?:

Shout box

You're not permitted to post shouts.
MaskedPixelanteDude was at the center of a pretty serious plagiarism scandal back in 2011, and it was widely known he ripped off other musical pieces well before that.12/27/2014 - 9:33am
Kajex@Masked Right, because his work actually composing music for several Metroid games necessitated plagiarism.12/27/2014 - 9:04am
MaskedPixelanteI can't believe Kenji Yamamoto got another job. Then again, his job on Smash was "musical arrangment", so copying other people's work is right up his alley.12/26/2014 - 9:31pm
Matthew Wilsonthe company that hosts it is a cyber security firm, and from what I understand it is the data they they see just shown publicly.12/26/2014 - 8:22pm
Wonderkarpa question about that website, Matthew...how does it know its a cyberattack or not12/26/2014 - 8:06pm
Matthew Wilsonfor those intreasted in seeing cyber attacks in real time check out this site. http://map.ipviking.com/12/26/2014 - 7:51pm
PHX Corp@MP you can add me on XBL and Nintendo Network if you want, I go under TrustyGem(Same gamertag as on Steam)12/26/2014 - 2:01pm
CMinerI blame North Korea.12/25/2014 - 11:49pm
MechaTama31For the last few weeks, the GP site fails to load about 2/3 of the times I try.12/25/2014 - 11:13pm
MaskedPixelanteOK, is GP having trouble loading for anyone but me?12/25/2014 - 9:21pm
Matthew Wilsonits a bunch of script kiddies. ddosing is one of the easiest thing to do,and most companies can not stop it sadly.12/25/2014 - 5:05pm
MaskedPixelanteI like Nintendo as much as the next person, they're pretty much the only company putting out the games I want to play, but that was pretty embarassing to have NNID go down due to overuse.12/25/2014 - 4:35pm
MaskedPixelanteSee? It's NOT a repeat of last year's fiasco.12/25/2014 - 4:22pm
PHX CorpLizard squad is responsible for The XBL/PSN shutdown https://www.youtube.com/watch?v=QSpZvsoWvig12/25/2014 - 4:17pm
IanCOh shut up bitching about Nintendo. At least they advised people to downloading updates before the big day. Sony/MS? Not a peep.12/25/2014 - 3:50pm
MaskedPixelanteBoth PSN and Xbox Live are down. Since I'm sure Sony and Microsoft have better online support than Nintendo did last year, this isn't from "everyone logging onto their new devices all at once".12/25/2014 - 3:48pm
prh99John Romero's Christmas present, a custom Icon of Sin sculpture. http://www.pcgamer.com/john-romero-gets-the-icon-of-sin-for-christmas/12/25/2014 - 3:37am
Matthew Wilsonthe interview will be on youtube/xb1/ andriod today.12/24/2014 - 1:05pm
james_fudge1900's?12/24/2014 - 12:56pm
james_fudgeYeah we could go way way back :)12/24/2014 - 12:56pm
 

Be Heard - Contact Your Politician