
Thread: Data Breach

  1. #11
    damned (Join Date: Mar 2011; Location: Australia; Posts: 18,865; Blog Entries: 1)
    No company publishes their defenses.
    The breach you reference states the same.
    It's safe to assume that this website is the target of numerous hacking attempts.
    Even as consumers we should be aware that every place that we have data stored will potentially be hacked and we should ensure that a breach of one place will not allow other places to be breached.
    The two biggest things that every one of us should do are:
    1. Protect your email account(s) as much as you can - very secure passwords, secure connections only, don't connect to your email over public wifis and use two-factor authentication
    2. Use secure and unique passwords on every site

    MoreCore - Generic Ruleset
    --- Projects ---
    Extensions | Tutorials | MoreCore | MoreCore Themes | Call of Cthulhu | Maelstrom | FG Con

  2. #12
    Just looking for some straight answers. All I get from this is we use a service, change your passwords, and we update. I guess I will just hope for the best.

  3. #13
    Trenloe (Join Date: May 2011; Location: Denver, Colorado, USA (for a bit); Posts: 23,342)
    Quote Originally Posted by bukkyo View Post
    Just looking for some straight answers. All I get from this is we use a service, change your passwords, and we update.
    That post I linked from 5 months ago probably has more info than you'll get from most companies and has very straight answers. Just what exactly are you looking for? As FG don't store an accessible version of your password on the system the advice to change your passwords is based on people getting that from other systems, not from FG.

    Quote Originally Posted by bukkyo View Post
    I have put a lot of money into this system and would hate to lose it all since we are not protected.
    That post shows that if there's an FG breach no financial data will be accessed (other than your orders), no password information, or other info that would really cause concern. The most they'll be able to get is your email address, that they probably already have from other data breaches.

    So I don't understand how you think you're not protected or that you'll "lose it all".
    Last edited by Trenloe; August 14th, 2019 at 00:10.


    FG Product Development status: Pathfinder Playtest Ruleset and add-ons: In development. Pathfinder Bestiary, Pathfinder Bestiary 2, Pathfinder Bestiary 3 (in store).

    Private Messages: My inbox is forever filling up with PMs. Please don't send me PMs unless they are actually private/personal messages. General FG questions should be asked in the forums - don't be afraid, the FG community don't bite and you're giving everyone the chance to respond and learn!

  4. #14
    LordEntrails (Join Date: May 2015; Location: GMT -7; Posts: 7,770; Blog Entries: 9)
    What do you want?
    "We use;
    - XYZ service
    - MNO encryption with bob method bob password hashing
    - on a Mary SQL data base at version 1.2.3
    ???

    Those are the types of details that a hacker would want to know to make hacking the database easier. First, Smiteworks has said that they do not store financial information on any customers. They use PayPal and Steam and allow those sites to manage and be responsible for the financial information.

    In that regard, what information does SW have on their customers? Well, if I look at my account they have;
    - my email address
    - an encrypted and hashed password
    - the date you created your account and whatever info you put in your profile
    - the list of things I have purchased from them

    And, they also keep logs of everything and have a third party firm verify their security compliance.

    They do NOT have;
    - my credit card number, bank account number or any other financial information
    - date of birth, address, social security number

    What are you afraid that someone might get IF they breached SW's servers? Worst case is a hacker might delete your purchase history and SW would have to go to a backup to verify your purchase history.

    Current Projects: Ultimate Undermountain (NYDUM)
    Community Contributions: Gemstones, 5E Quick Ref Decal, Adventure Module Creation, Dungeon Trinkets
    DMsGuild Content: Balance Disturbed (Adventure), Dungeon Room Descriptions
    FG Product Reviews: Virtual Scribe Reviews

  5. #15
    damned (Join Date: Mar 2011; Location: Australia; Posts: 18,865; Blog Entries: 1)
    Ask the same question of your bank and they too won't give you details of their setup or protection other than what you already know. All businesses keep this information to themselves.

  6. #16
    Well, from my understanding the company you use only protects from DDoS attacks and wouldn't do jack. Also, hearing that you do have a backup in case my account is deleted or removed is exactly the information I was looking for. Let's see what I want. A. tell me Smiteworks has a 5 year and a 10 year plan for cyber security. B. are you actively testing your own software for vulnerabilities. C. These are all reasonable questions. I am not a hacker, but I know a few in cyber security. I have my answers, will seek more details elsewhere since clearly you are being combative in this topic. Thanks and have a great day

  7. #17
    Quote Originally Posted by bukkyo View Post
    Just looking for some straight answers. All I get from this is we use a service, change your passwords, and we update. I guess I will just hope for the best.
    One thing you should consider is that if they give you the straight answers you want your data would become less secure. The more information that is out there about specifics the more probability of a successful hack. It is not bulletproof but it is another layer of data security. As a person familiar with data security you are more likely to find your info breached at a larger firm (banks, card handlers and online retailers) than smaller firms. The information that can be gotten about you from those larger types is infinitely more damaging than the limited data Smiteworks has about you.

    Your biggest point of vulnerability or security is actually you and your password. My recommendation is use a unique password with multi-case alphanumeric characters with several random symbols thrown in here and there of at least 16 characters in length. One of the principal ways a malicious hacker gets into an account is to gain information of one site and then try the username/email password combination on other sites. So if you have a different password on every site you use you are safer even in the event of a data breach.
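
The reuse risk described in the post above, as an added example that is not part of the original thread: it audits a password list for reuse, shows which other accounts share the password of a breached site, and replaces reused entries with unique 16-character passwords of the recommended mix. The site names, passwords and function names are constructed for illustration.

```python
import secrets
import string
from collections import defaultdict

SYMBOLS = "!@#$%^&*()-_=+[]{}"
# Character classes from the post: multi-case letters, digits, symbols.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS)

# Constructed sample data: site -> password as a user might keep it in a vault.
SAMPLE_VAULT = {
    "forum.example": "Dragon123",
    "mail.example": "Dragon123",
    "shop.example": "Dragon123",
    "bank.example": "q7!Vr#2mLx0@Zt5e",
}

def generate_password(length=16):
    """Random password containing at least one character of every class."""
    if length < 16:
        raise ValueError("use at least 16 characters")
    alphabet = "".join(CLASSES)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(c in cls for c in candidate) for cls in CLASSES):
            return candidate

def reuse_groups(vault):
    """Groups of sites that share one password (only groups of two or more)."""
    groups = defaultdict(list)
    for site, password in vault.items():
        groups[password].append(site)
    return sorted(sorted(sites) for sites in groups.values() if len(sites) > 1)

def exposed_by_breach(vault, breached_site):
    """Other sites that accept the password leaked from breached_site."""
    leaked = vault[breached_site]
    return sorted(s for s, p in vault.items() if p == leaked and s != breached_site)

def rotate_reused(vault):
    """Copy of the vault in which every reused password is replaced by a unique one."""
    fixed = dict(vault)
    for sites in reuse_groups(vault):
        for site in sites:
            fixed[site] = generate_password()
    return fixed
```
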

  8. #18
    Hey smiteworks I know I'm kinda new here but I would like to know the address of your company and the locations of all your security cameras and I need to know the passwords to get in and where you keep your car keys and the ss# of all your employees so I can evaluate my security if I buy your product.

    Just looking for straight answers. K thx bai.


    Also, and this is VERY important....boxers or briefs?

  9. #19
    LordEntrails (Join Date: May 2015; Location: GMT -7; Posts: 7,770; Blog Entries: 9)
    Quote Originally Posted by bukkyo View Post
    Well, from my understanding the company you use only protects from DDoS attacks and wouldn't do jack. Also, hearing that you do have a backup in case my account is deleted or removed is exactly the information I was looking for. Let's see what I want. A. tell me Smiteworks has a 5 year and a 10 year plan for cyber security. B. are you actively testing your own software for vulnerabilities. C. These are all reasonable questions. I am not a hacker, but I know a few in cyber security. I have my answers, will seek more details elsewhere since clearly you are being combative in this topic. Thanks and have a great day
    You do know that no one (myself included) that has answered or posted in this thread actually works for or represents the company that makes Fantasy Grounds?

    The only statement from SmiteWorks or its employees or representatives is the one that you were linked to earlier.

    I'm sorry you feel we are being combative. I truly do not believe that is anyone's intent. I know it's not my intent.

    The one service that SmiteWorks named, Cloudflare, you are correct in that it is designed to secure against DDoS attacks. And though those are annoying, they really have little to do with information security. The other measures that SmiteWorks alluded to in their post are other aspects of their security profile, the ones that are more important, imo.

    But it all comes down to one important aspect, what information does SmiteWorks have on you that you are worried might be breached? They themselves do not store or collect any personally identifiable or financial information (note the part about PayPal and Steam handling all of that). The only important information they really have is your purchase history, which is easy to back up and restore in the event of a disaster/breach.


  10. #20
    Quote Originally Posted by bukkyo View Post
    Well, from my understanding the company you use only protects from DDoS attacks and wouldn't do jack. Also, hearing that you do have a backup in case my account is deleted or removed is exactly the information I was looking for. Let's see what I want. A. tell me Smiteworks has a 5 year and a 10 year plan for cyber security. B. are you actively testing your own software for vulnerabilities. C. These are all reasonable questions. I am not a hacker, but I know a few in cyber security. I have my answers, will seek more details elsewhere since clearly you are being combative in this topic. Thanks and have a great day
    Nobody is being combative but you.

    If you know actual cyber security people, ask them specifically how they protect their networks. If they tell you, tell them they suck at their jobs for me. I would never tell you or anyone outside my direct chain of command what was being done to protect the network. If you asked me about networks under my care I'd say sorry but that information is confidential.

    As for what you know or don't know your assumption is basically guesswork.

    A 5 year or 10 year plan is basically a setup for failure. What you need is a constantly evolving plan or a security service that is managing that for you.

    Most hosting services offer services that constantly check websites for known vulnerabilities and provide the client with regular reports. It would be safe to make the assumption that most forward facing commercial entities take advantage of that.

    Finally, any actual banking data is stored at PayPal and not Smiteworks, so basically you are stressing yourself about your email address, any info you have added to the forum profile and your purchase info. Even the password is encrypted and while it could likely eventually be decrypted the number of passwords wouldn't be worth the effort compared to large financial entities and such.
