  1. #1
    LordEntrails (Join Date: May 2015; Location: GMT -7; Posts: 8,191; Blog Entries: 9)

    Data Breach, Gaming Sites Affected

    If you needed another reason to use unique passwords on each and every website, here's another; https://techcrunch.com/2019/02/14/hacker-strikes-again/

    A hacker who stole close to 620 million user records from 16 websites has stolen another 127 million records from eight more websites, TechCrunch has learned.

    Current Projects: Ultimate Undermountain (NYDUM)
    Community Contributions: Gemstones, 5E Quick Ref Decal, Adventure Module Creation, Dungeon Trinkets
    DMsGuild Content: Balance Disturbed (Adventure), Dungeon Room Descriptions
    FG Product Reviews: Virtual Scribe Reviews

  2. #2
    damned (Join Date: Mar 2011; Location: Australia; Posts: 18,926; Blog Entries: 1)
    Roll20, a gaming site, had 4 million records listed
    Ouch.

    MoreCore - Generic Ruleset
    --- Projects ---
    Extensions | Tutorials | MoreCore | MoreCore Themes | Call of Cthulhu | Maelstrom | FG Con

  3. #3
    LordEntrails
    What gets me is that, according to that article, one/some of the websites (unspecified) stored the passwords in plaintext. That, imo, should be criminal. No wonder Europe has implemented the GDPR, I hope everyone else follows.


  4. #4
    LordEntrails
    Some interesting info, Under Armour announced the Breach March 29th of last year. http://www.uabiz.com/news-releases/n...easeID=1062368

    Animoto on July 10th; https://techcrunch.com/2018/08/20/an...location-data/

    Houzz on Feb 4th; https://help.houzz.com/s/article/sec...language=en_US

    px500 on Feb 13th and the breach was from July 2018; https://techcrunch.com/2018/08/20/an...location-data/

    Coffee Meets Bagel and Roll20 just acknowledged it today; https://techcrunch.com/2019/02/14/ha...e-meets-bagel/ & https://app.roll20.net/forum/post/72...ecurity-breach

    What I wonder is why some of the sites knew about it before it was publicly announced, and why others did not. I suspect that's because some do regular security audits and others don't. But, maybe someone more familiar with security can shed more light?


  5. #5
    damned
    The breaches are unlikely to have all happened on the same day.
    And there is, as you suggest, a widely varying difference in businesses' ability to detect these things...


  6. #6
    Check out my FG theme - The Coming of Night

    FG Ultimate License
    D&D5e-Pathfinder-Savage Worlds

  7. #7
    Just some food for thought here and to ease people's minds:
    • Passwords are hashed in our system and we can't recover them, we can only reset/replace them
    • Our system stores emails, forum posts, blogs and purchase history.
    • Our system does not store any financial data for customers or customer addresses. Those are all offloaded to PayPal and don't enter our system at all. Even monthly subscriptions are billed directly from PayPal and not from our end.
    • Steam handles all payment, financial and other information for customers on Steam. We only get enough info to link a purchase to an account here.
    • We contract out to a firm to regularly review and patch our servers and we apply the latest forum software updates for the stable version we are working with
    • We maintain and archive server access and error logs that we periodically review with our outside contractor
    • We utilize Cloudflare as an extra layer of protection on top for protection against a wide array of attacks


    I do encourage people to use different passwords for different sites.
    Last edited by ddavison; February 15th, 2019 at 16:52.

  8. #8
    Thank you very much for the info, we all appreciate your efforts at keeping our info safe.

  9. #9
    LordEntrails
    Thanks for the info Doug. FYI, I wasn't fishing for a response from you, but do appreciate it!


  10. #10

    Join Date
    Jun 2013
    Location
    Isanti, MN
    Posts
    2,813
    Quote, originally posted by ddavison:
    "I do encourage people to use different passwords for different sites."
    I recommend using LastPass or similar to manage your passwords.
