Also, I know this is a bit silly, but has anyone actually contacted the authorities? This is mass-hacking right? Surely there's a way to track people down and send them all to jail?
Not much they'll do about it, likely. I know this seems huge right now, but in the grand scale of things this isn't much. On any black-hat hacking forum you'll see things like this, very common are lists of Steam/PayPal/eBay logins. One time I saw somebody offering valid credit card numbers with CVV2 (the little three-digit validation number on the back) for $5 apiece. This is small potatoes.
rianalnn, good advice on the password bit. Not that I followed that at all for my password here, but that's the fun of using different passwords for different things.
On a sidenote, it looks like we're seeing people have their password posted who trade rarely or not at all.... and there is no one seller/buyer/trader they have in common. This doesn't look like it's related to the trading on the site... so where are these passwords coming from?
eh, bloody hell. time to go check the others. though i'd seriously doubt i'd be on anything. i don't have ebay or amazon accounts...or paypal...or anything like that.
Not sure how relevant it is at all, but a few weeks ago I got an email from WIFOM.net telling me someone was attempting to reset my password there. I didn't think much of it, and left a note over there. After I heard about this, I went to see if that thread had been responded to and see the entire site is now down for security issues.
Again, no clue if that is relevant at all, but I figured I would throw it out there.
got the email, it did look a bit odd (I only guessed it was from here as the address was mtgsadmin), but just saw this.
Have changed passwords to ebay & paypal and whatnot.
I haven't done any dealing with people on this site (nor elsewhere). I hope I'm not on that list..
This is quite alarming.
Was this email only sent out to those known to be affected?
Apparently.
I.E if you didn't receive it are you clear ?
Change it just in case, Bel.
Was it a bulk mail to everyone and those that didn't get it probably blocked it ?
Why are there so many spaces?
It sounds like it was an email sent to everyone who had a listing on that site. Whether that's a bulk email or copy-paste email I wouldn't know.
Is it possible to get exact details (obviously only those relevant to yourself) so the people involved can take the necessary steps .
.
Is it only mtgs usernames/pw's or is it other stuff aswell ?
Uncertain.
It's not explicitly stated that they're linked to MTGS, and Hunted_Charlie said that it referred to eBay and PayPal, which he doesn't have (as stated in post #1).
Because, for the umpteenth time, the passwords as also displayed and the staff don't want you cracking into others' accounts, maybe?
I dunno; it's just, like, a hunch?
That's pretty, you know, bad and, for those who aren't amoral and have morals and try to follow them, immoral and such.
what i like about this excuse is that there are millions of people who can go to the site on their own volition to see the effing list, but i cannot because my name might be one on it. fantastic.
what i like about this excuse is that there are millions of people who can go to the site on their own volition to see the effing list, but i cannot because my name might be one on it. fantastic.
Perhaps that's the staff's explanation, not its excuse?
Tspice, that's all assuming people can even find the site. Just ask an admin (or any staff) for the names you need checking up on, for whether they're safe or not.
Quote from ikkleste »
This severly sucks, without knowing what password they have listed for me (if they have one) that means going in and changing all my passwords. That's a lot of old passwords to remember and new ones to invent. Is it any wonder people reuse passwords? Ive changed 15 this morning...
Wow, dude, that sucks.
The worst bit is if you list your email for public viewing, you're easier to hit elsewhere, even if you're registered under a different name.
This is quite alarming.
Was this email only sent out to those known to be affected ?
I.E if you didn't receive it are you clear ?
To repeat from my previous post:
The e-mail was sent to all registered users. If you have a username you use to log into and post on this site, an e-mail was sent to the e-mail account you registered with.
As for the list, I've seen it and I can say that not every registered user's name was on the list. I know this because mine wasn't.
Was it a bulk mail to everyone and those that didn't get it probably blocked it ?
That.
Is it possible to get exact details (obviously only those relevant to yourself) so the people involved can take the necessary steps .
I'm going to leave that one to the admins for the time being.
Is it only mtgs usernames/pw's or is it other stuff aswell ?
Right now we're not 100% that the passwords in the list even came from MTGS.
Private Mod Note
():
Rollback Post to RevisionRollBack
I am no longer on MTGS staff, so please don't contact me asking me to do staff things. :|
For everyone concerned about, potentially, their information, you must understand that both (1) the admins probably have a way to check, quickly, for any information you provide them and (2) the less the anyone's private data is seen the less likelihood that the data will be used in an inapproriate manner.
The largest chunk of my job is working with third parties to purchase data for limited solicitation (i.e. mail you an advertisement because we think you may want what we're selling; in my case specifically, insurance). Generally there are very strict requirements on transferring, retaining, and purging data. The less it is seen and handled, the safer the data is. The approach the admins have in this case isn't just "what's safe in our judgement" but dovetails very well to industry practices for handling very personal data.
Yes. A thousand times yes. They lured me in with Ivory Tower and Zuran Orb, and I kept telling myself "I can quit whenever I want...just look at that untapped disk". That was ten years ago man.....
If anyone wants to know if their password is compromised, feel free to send me, via PM, a login name for any site. I'll do a quick search of that page for you.
Right now, it looks like mostly Paypal and Ebay. I checked my own, and I wasn't on there. I don't trade, don't have paypal/ebay, and don't do phishing scams. That might help for anyone worried.
Technically, most of the passwords gathered by 'hackers' are actually gathered by use of keyloggers on your computers. (Keylogger is malware that remembers all letters you have typed down. So, whenever you happen to type your username, the first few letters are probably your password.) Therefore I think that before changing your password again (Useless, if they discover it again right away.) It might be worth it running a Virus-scan and clear your cookies (Ctrl+Shift+Delete on Firefox..). (And obviously stored passwords from browsers etc.)
EDIT: The other possibility is someone hacking the site and somehow decrypting the encrypted information, and in this case changing password is relatively inefficient before the hole in the security is fixed. They did it once, they can do it again.
Private Mod Note
():
Rollback Post to RevisionRollBack
The Sage is occupied with the unspoken
and acts without effort.
Teaching without verbosity,
producing without possessing,
creating without regard to result,
claiming nothing,
the Sage has nothing to lose.
I'd also like to see this list. If you're saying the passwords on the list don't completely match up to the MTGSalvation user accounts, then maybe they are our paypal passwords.
I'm changing my paypal password now anyway, but if I'm on this list, and they got my password right, I may take even bigger steps, like possibly freezing my paypal account for a while.
It's already been stated that the passwords are for Paypal and Ebay. It's also already been stated that you are not allowed to see this list, for the safety of other members.
So far, no one that has PM'd me has been found on the list. I'll keep looking if people keep sending PMs. Just remember, this list was labeled as Paypal and Ebay passwords, not necessarily this site.
So some of us may not even be at risk? I received an email to my gmail account about a username on mtgs that was registered with my hotmail account, how is that possible? o_O
Manaburn, that was a mass email sent by Avatar of Kokusho, one of the admin. It was a mass warning that this had happened. You may not be at risk, but we're making sure everyone knows of the possibility.
The email was sent to everyone registered at the sight, using the email you registered with.
It's already been stated that the passwords are for Paypal and Ebay. It's also already been stated that you are not allowed to see this list, for the safety of other members.
So far, no one that has PM'd me has been found on the list. I'll keep looking if people keep sending PMs. Just remember, this list was labeled as Paypal and Ebay passwords, not necessarily this site.
I suggest others do as i have done and either A: change there password or B:get a security keychain from paypal. (its a random number generator thats linked to your account creates a random code you have to enter along with your password without the code they cant get it)
I already had the security key and im changing my password anyway this sucks
My two cents:
The email we received from a gmail.com acct is a little disconcerting but we should ALL be aware that the sender name of an email can be faked or "spoofed." So, even if it came from [email]Yourfavoritemoderator@mtgsalvation.com[/email] it should be treated with utmost suspicion.
Also, would it be of any value for one of the mods to call this to the attention of Paypal or Ebay? Or assume that they know? They could take security measures.
Thanks for the email. (I haven't been on this forum in over a year, quit magic and all.) Any who, don't know if I'm on the list, but I wasn't using my Paypal account anyway, so I closed it. Mods, if I am somehow on the list feel free to email me further, but the only person I bought from on the forums was Rancoredelf, and I seriously doubt he would do something like this. Best of luck to everyone. (And thanks for that birthday email!)
Private Mod Note
():
Rollback Post to RevisionRollBack
When I was young, the smallest trick of light,
Could catch my eye,
Then life was new and every new day,
I thought that I could fly.
I believed in what I hoped for,
And I hoped for things unseen,
I had wings and dreams could soar,
I just don't feel like flying anymore.
I personally just sent an email to eBay so they're aware. I'm looking for a proper address for Paypal. This may be in addition to emails other members and staff have sent.
Well I do have a paypal, but I haven't ever used, it, and I did do some trading, but I haven't done so in quite some time. There really isn't much to be gained through the direct use of my info, though I'm still somewhat concerned... >_>
rianalnn, good advice on the password bit. Not that I followed that at all for my password here, but that's the fun of using different passwords for different things.
On a sidenote, it looks like we're seeing people have their password posted who trade rarely or not at all.... and there is no one seller/buyer/trader they have in common. This doesn't look like it's related to the trading on the site... so where are these passwords coming from?
thanx for the email too. took me by suprise.
Yeah, I got the same thing.
How odd.
Yes. Without a doubt yes. It is extremely foolish to use similar passwords for multiple accounts. I can't stress that enough.
Archatmos
Excellion
Fracture: Israfiel (WBR), Wujal (URG), Valedon (GUB), Amduat (BGW), Paladris (RWU)
Collision (Set Two of the Fracture Block)
Quest for the Forsaken (Set Two of the Excellion Block)
Katingal: Plane of Chains
Have changed passwords to ebay & paypal and whatnot.
I haven't done any dealing with people on this site (nor elsewhere). I hope I'm not on that list..
Apparently.
Change it just in case, Bel.
Why are there so many spaces?
It sounds like it was an email sent to everyone who had a listing on that site. Whether that's a bulk email or copy-paste email I wouldn't know.
.
Uncertain.
It's not explicitly stated that they're linked to MTGS, and Hunted_Charlie said that it referred to eBay and PayPal, which he doesn't have (as stated in post #1).
what i like about this excuse is that there are millions of people who can go to the site on their own volition to see the effing list, but i cannot because my name might be one on it. fantastic.
10.) No taxing cards.
If i wanted to pay 1 more on my Fresh Volunteers, then id just have played Pearled Unicorn.
Tspice, that's all assuming people can even find the site. Just ask an admin (or any staff) for the names you need checking up on, for whether they're safe or not.
Wow, dude, that sucks.
The worst bit is if you list your email for public viewing, you're easier to hit elsewhere, even if you're registered under a different name.
Lol.
No, really.
Lol.
To repeat from my previous post:
The e-mail was sent to all registered users. If you have a username you use to log into and post on this site, an e-mail was sent to the e-mail account you registered with.
As for the list, I've seen it and I can say that not every registered user's name was on the list. I know this because mine wasn't.
That.
I'm going to leave that one to the admins for the time being.
Right now we're not 100% that the passwords in the list even came from MTGS.
The largest chunk of my job is working with third parties to purchase data for limited solicitation (i.e. mail you an advertisement because we think you may want what we're selling; in my case specifically, insurance). Generally there are very strict requirements on transferring, retaining, and purging data. The less it is seen and handled, the safer the data is. The approach the admins have in this case isn't just "what's safe in our judgement" but dovetails very well to industry practices for handling very personal data.
Wondering what Arc's listening to right now? Find out here!
Right now, it looks like mostly Paypal and Ebay. I checked my own, and I wasn't on there. I don't trade, don't have paypal/ebay, and don't do phishing scams. That might help for anyone worried.
My helpdesk should you need me.
EDIT: The other possibility is someone hacking the site and somehow decrypting the encrypted information, and in this case changing password is relatively inefficient before the hole in the security is fixed. They did it once, they can do it again.
and acts without effort.
Teaching without verbosity,
producing without possessing,
creating without regard to result,
claiming nothing,
the Sage has nothing to lose.
I'm changing my paypal password now anyway, but if I'm on this list, and they got my password right, I may take even bigger steps, like possibly freezing my paypal account for a while.
So far, no one that has PM'd me has been found on the list. I'll keep looking if people keep sending PMs. Just remember, this list was labeled as Paypal and Ebay passwords, not necessarily this site.
My helpdesk should you need me.
oh buggarit, where did you get this from? now i have to change my password again!!!! :p:p:p
The email was sent to everyone registered at the sight, using the email you registered with.
My helpdesk should you need me.
I suggest others do as i have done and either A: change there password or B:get a security keychain from paypal. (its a random number generator thats linked to your account creates a random code you have to enter along with your password without the code they cant get it)
I already had the security key and im changing my password anyway this sucks
The email we received from a gmail.com acct is a little disconcerting but we should ALL be aware that the sender name of an email can be faked or "spoofed." So, even if it came from [email]Yourfavoritemoderator@mtgsalvation.com[/email] it should be treated with utmost suspicion.
Also, would it be of any value for one of the mods to call this to the attention of Paypal or Ebay? Or assume that they know? They could take security measures.
J
Could catch my eye,
Then life was new and every new day,
I thought that I could fly.
I believed in what I hoped for,
And I hoped for things unseen,
I had wings and dreams could soar,
I just don't feel like flying anymore.
My helpdesk should you need me.
The creator of Maro's Magic 8-Ball!
My helpdesk should you need me.