Seconded, it is possible to do this. I sent Nai a PM for my info, but if the list is p[osted without the Passwords, then it would be easy to see if friends or family is on there.
I didn't get an email, so I am lucky. I suppose what they should have done is make a new email account (they could make one in advance) like [EMAIL="MTGsalvation@hotmail.com"]MTGsalvation@hotmail.com[/EMAIL] in times of dire need for authenticity
The email doesn't mean you weren't hacked. You just didn't get an email. The email wasn't sent just to hacked users, it was meant to be sent to all users.
The list itself is reportedly over 9000 names long. Those -all- include passwords and emails. It'd take QUITE a few hours to edit down to just names, and then several posts long to post. However, it's really easy to just search it. So as I said, feel free to PM me and I'll search for the information you provide.
I got the admin E-mail, and changed my details ASAP.
Also, i thought i would mention that i recently started a Gmail account, i have done almost nothing with it yet but recieved a Email from a Gmail administrator telling me that my password had been compromised and that it was defaulted, pending my logging in with the default and reentering a new PW.
Interesting. At least this shows that Admins on sites do put in a bit of effort for there clients!
msun: Knives scoop ice cream.
Highroller: No they don't, knives don't scoop. Spoons scoop.
msun: Well, knives SHOULD scoop icecream.
Highroller: We have spoons that do it. Moreover, the shape of a knife that would scoop ice cream would make it horrible for performing the functions of a knife.
msun: Highroller, you bring up spoons as though they were the utensil used for scooping ice cream.
Perhaps the current stance of this situation should be edited into the first post of the thread. I feel like getting up to date information on this particular issue shouldn't require sifting through over 100 posts.
The list itself is reportedly over 9000 names long. Those -all- include passwords and emails. It'd take QUITE a few hours to edit down to just names, and then several posts long to post. However, it's really easy to just search it. So as I said, feel free to PM me and I'll search for the information you provide.
No idea how the list is formatted but I guess you could actually strip the passwords with sed/awk/something in a matter of seconds. Also it could be posted as a txt file or whatever to save space...
I don't really feel comfortable about sending my ebay/paypal usernames around so I'd rather see the list myself. But if it's easy to find I guess I'll start googling then...
While I have changed all my passwords for everything, I would like to take this time to thank the higher-ups of this site for actually caring enough about us to work on this and respond to it.
By the way, while searching for names I've noticed a trend. A lot of the passwords are VERY easy. For instance, in several cases, the password was simply the account name. Or, if they had a name from Anne Rice's books, the word 'vampyre' would be their password. Or something out of their email. Some people even user passw0rd or something similar.
Remember kiddies, if you're not going to follow Rianalnn's simple rules here, follow Nai's simple rules for password creation:
1. At least 6 alphanumeric digits.
2. A combination of uppercase and lowercase, with at least one of each.
3. At least one set of numbers.
4. No using your account name.
5. No using your email.
6. No using your real name.
7. No using any details that someone could easily find out about you.
8. The longer your password is, the better.
For instance, my -previous- password for 'Sally was 8 digits long. My current one, for giggles, is 22.
To the best of our knowledge, MTGSalvation was NOT hacked. These passwords seem to be a mixed amount of dictionary attack (trying out single words from the dictionary), guesswork based on username and email, keylogging, and other devious plots. So far, I know of only three or four users who actually are on this list.
So change your passwords, possibly change your emails (if you have the option), and contact me if you'd like me to check the list. But, for the most part, it seems the most of us are safe.
I have the impression that every member got the e-mail. I'm not sure if it could easily be done (thousands of names), but couldn't the list without passwords and e-mail adresses be made public? People would feel more comfortable if they knew they were not on the list, and even if they knew that they were on the list.
It wouldn't be difficult. You could paste it into Excel and use text to columns to separate names, passwords, and email addresses, and then simply post only the first column.
However, the question becomes: Is it wise? I don't know if this has been addressed, since I haven't read all 9 pages of discussion, but simply putting the usernames out there gives someone with a brute force program a tempting target, a ready made list of names.
It's really irrelevant. Act like your **** has been compromised and you'll be fine. If you really want to be safe, run a virus check to make sure you don't have a keylogger, then change your passwords. That was my first thought when I received the email from AoK, hmm, must have a keylogger and someone is trying to get me to type in pwords so they can steal them. So I came here to look, and saw that it was legit. No offense, AoK
For storing and generating passwords at work we use KeePass Password Safe. http://keepass.info/
It's free/open source software that helps you store passwords in a single file which requires a single (hopefully super long) password to open. You can also require an additional master key file (stored on a USB drive or something else) for two factors of authentication. We advise generally using something long, but memorable such as the opening line from a book, or an entire line from a song as a passphrase as you'll remember it but its sufficiently long enough to not ever crack.
You then use it to store your passwords in there, but it can also help you generate super long random passwords such as "u:GkI~^EPgRpPEvN.od%" which is damn near impossible to simply crack (without a quantum computer) let alone remember. Then every time you use the website you copy/paste the username/password over and don't allow the browser to save them.
It's not perfect, but its pretty damn good for generating long passwords and keeping track of them. It really discourages the "one password for every service/website" problem that plagues many of us and makes things like these password links actually dangerous.
I'm sure more than one person here uses the same password on forums that they do for their bank, email, paypal account, etc. Please don't do this. If you literally don't remember your password (or know it) you'll be much less likely to give it to someone else. I'm guessing that 99.99% of situations that people's WoW accounts have been 'hacked' have been from someone getting their password from elsewhere... not hacking Blizzard's servers.
Even though strong passwords are a good idea the passwords can still end up in wrong hands. There was a case in my country about a year ago where some dude got a the password database (with tens of thousands of entries) with some sql injection hack. The database actually only had the hashes for the passwords but they were quite easily decrypted with some brute force computation eventually. Nothing serious actually resulted from that case, only some goatse pics appeared on the popular social networking site. However, it served as a wakeup call for both the users and the admins to pay a bit more attention on these kinds of things.
I have no idea how the passwords got out in this case but this feels very similar to the case that occurred here.
Feel free to send me name lookup requests as well, I'll get to them when I have a moment.
I'd just like to stress that MTGS has NOT been compromised. This was probably a phishing scam that impersonated Paypal, Ebay, or some site selling gaming-related items like MTGO or WOW stuff.
I have contacted a member of Ebay's security on this and given them the links and he was going to be forwarded to higher level security there and am working to makes sure the information is given to Paypal as well.
This actually happened to me a few days ago...im trying to figure out if they were asking for my MTGO account of my MTGO Traders account :-/. I have already reported this to Wizards. And YES i am pissed. So hackers if your reading this I hope you die a thousand deaths
This actually happened to me a few days ago...im trying to figure out if they were asking for my MTGO account of my MTGO Traders account :-/. I have already reported this to Wizards. And YES i am pissed. So hackers if your reading this I hope you die a thousand deaths
Even though I'm pretty sure that your sentiment is shared by more than one person, you could say it in such a way as to NOT be flaming...
And yes, no incantatrix for you. Or anyone. That class makes puppies cry. Mostly because they are the former Big Bads who have been Baleful Polymorphed into said puppies. By you. Because you're an incantatrix.
Quote from Yukora »
This is Deraxas we're talking about.
Remember, the girl that just killed an aspect of herself before literally consuming her?
Yeah, I don't see her handling a pissing match in any way other than a duel.
Quote from RedDwarfian »
Yes mistress...
Quote from About epic-level D&D »
There are only so many epic, psuedonatural barbarian/blackguard half-dragon akutenshai vampire balor paragons they can throw at you, right?
Quote from Concerning breeding habits of humans in fantasy games »
I suppose it's true. Though the logistics implied in a human/Great Wyrm Prismatic Dragon pairing makes me shudder.
...Something tells me that even should all arcane casters in the world unite, that the Grease spell would NOT be sufficient.
The list has been taken down from public view. Which means that people can't easily find it (though it may still be floating around). Unfortunately, this means I also can't check the list any longer. My apologies.
Even though I'm pretty sure that your sentiment is shared by more than one person, you could say it in such a way as to NOT be flaming...
Let's try and keep it civil, okay? Thanks
Im sorry if I offended you or others for that matter. Its just, things like this are uncalled for. I mean it would be different if I had done something to them but I didnt and now they want to steal something that Ive spent a large amount of money as well as time into? argh
Im sorry if I offended you or others for that matter. Its just, things like this are uncalled for. I mean it would be different if I had done something to them but I didnt and now they want to steal something that Ive spent a large amount of money as well as time into? argh
Oh, I understand. We just try not to say things like that in public forums, because one thing leads to another and...
Yeah, the universe probably won't explode, but it keeps things more civil. Definitely no hard feelings- if my stuff had been up there, I'd be mad enough to chew iron and spit nails at this point.
And yes, no incantatrix for you. Or anyone. That class makes puppies cry. Mostly because they are the former Big Bads who have been Baleful Polymorphed into said puppies. By you. Because you're an incantatrix.
Quote from Yukora »
This is Deraxas we're talking about.
Remember, the girl that just killed an aspect of herself before literally consuming her?
Yeah, I don't see her handling a pissing match in any way other than a duel.
Quote from RedDwarfian »
Yes mistress...
Quote from About epic-level D&D »
There are only so many epic, psuedonatural barbarian/blackguard half-dragon akutenshai vampire balor paragons they can throw at you, right?
Quote from Concerning breeding habits of humans in fantasy games »
I suppose it's true. Though the logistics implied in a human/Great Wyrm Prismatic Dragon pairing makes me shudder.
...Something tells me that even should all arcane casters in the world unite, that the Grease spell would NOT be sufficient.
To post a comment, please login or register a new account.
Seconded, it is possible to do this. I sent Nai a PM for my info, but if the list is p[osted without the Passwords, then it would be easy to see if friends or family is on there.
Thanks
[html]http://www.magictraders.com/reflists/TheDragon.html[/html]
I collect Foil Dragons and Foil Angels. Got one for me?
EDIT:that isn't actually a link
Draft it on Cubetutor!
The list itself is reportedly over 9000 names long. Those -all- include passwords and emails. It'd take QUITE a few hours to edit down to just names, and then several posts long to post. However, it's really easy to just search it. So as I said, feel free to PM me and I'll search for the information you provide.
My helpdesk should you need me.
Also, i thought i would mention that i recently started a Gmail account, i have done almost nothing with it yet but recieved a Email from a Gmail administrator telling me that my password had been compromised and that it was defaulted, pending my logging in with the default and reentering a new PW.
Interesting. At least this shows that Admins on sites do put in a bit of effort for there clients!
- B
Magic Rules Advisor
How Creatures Die
Targets | Triggered Abilities | Priority and the Stack | Older Articles
No idea how the list is formatted but I guess you could actually strip the passwords with sed/awk/something in a matter of seconds. Also it could be posted as a txt file or whatever to save space...
I don't really feel comfortable about sending my ebay/paypal usernames around so I'd rather see the list myself. But if it's easy to find I guess I'll start googling then...
And Azerbaijan is right.
Honestly, you should just accept our help. Saying you're going to google up a list of passwords and names is -not- the correct action.
My helpdesk should you need me.
Remember kiddies, if you're not going to follow Rianalnn's simple rules here, follow Nai's simple rules for password creation:
1. At least 6 alphanumeric digits.
2. A combination of uppercase and lowercase, with at least one of each.
3. At least one set of numbers.
4. No using your account name.
5. No using your email.
6. No using your real name.
7. No using any details that someone could easily find out about you.
8. The longer your password is, the better.
For instance, my -previous- password for 'Sally was 8 digits long. My current one, for giggles, is 22.
My helpdesk should you need me.
To the best of our knowledge, MTGSalvation was NOT hacked. These passwords seem to be a mixed amount of dictionary attack (trying out single words from the dictionary), guesswork based on username and email, keylogging, and other devious plots. So far, I know of only three or four users who actually are on this list.
So change your passwords, possibly change your emails (if you have the option), and contact me if you'd like me to check the list. But, for the most part, it seems the most of us are safe.
My helpdesk should you need me.
It wouldn't be difficult. You could paste it into Excel and use text to columns to separate names, passwords, and email addresses, and then simply post only the first column.
However, the question becomes: Is it wise? I don't know if this has been addressed, since I haven't read all 9 pages of discussion, but simply putting the usernames out there gives someone with a brute force program a tempting target, a ready made list of names.
It's really irrelevant. Act like your **** has been compromised and you'll be fine. If you really want to be safe, run a virus check to make sure you don't have a keylogger, then change your passwords. That was my first thought when I received the email from AoK, hmm, must have a keylogger and someone is trying to get me to type in pwords so they can steal them. So I came here to look, and saw that it was legit. No offense, AoK
It's free/open source software that helps you store passwords in a single file which requires a single (hopefully super long) password to open. You can also require an additional master key file (stored on a USB drive or something else) for two factors of authentication. We advise generally using something long, but memorable such as the opening line from a book, or an entire line from a song as a passphrase as you'll remember it but its sufficiently long enough to not ever crack.
You then use it to store your passwords in there, but it can also help you generate super long random passwords such as "u:GkI~^EPgRpPEvN.od%" which is damn near impossible to simply crack (without a quantum computer) let alone remember. Then every time you use the website you copy/paste the username/password over and don't allow the browser to save them.
It's not perfect, but its pretty damn good for generating long passwords and keeping track of them. It really discourages the "one password for every service/website" problem that plagues many of us and makes things like these password links actually dangerous.
I'm sure more than one person here uses the same password on forums that they do for their bank, email, paypal account, etc. Please don't do this. If you literally don't remember your password (or know it) you'll be much less likely to give it to someone else. I'm guessing that 99.99% of situations that people's WoW accounts have been 'hacked' have been from someone getting their password from elsewhere... not hacking Blizzard's servers.
Just a thought.
Ad Operations, gamerDNA
http://tibbon.gamerdna.com
I have no idea how the passwords got out in this case but this feels very similar to the case that occurred here.
For those that are PMing me, I'll be gone for the next three and a half hours. I'll handle the name look-ups when I return.
My helpdesk should you need me.
L1 Judge
I'd just like to stress that MTGS has NOT been compromised. This was probably a phishing scam that impersonated Paypal, Ebay, or some site selling gaming-related items like MTGO or WOW stuff.
https://twitch.tv/annorax10 (classic retro speedruns & occasional MTGO/MTGA screwaround streams)
https://twitch.tv/SwiftorCasino (yes, my team and I run live dealer games for the baldman using his channel points as chips)
http://forums.mtgsalvation.com/showthread.php?t=132699
MTGO name: LeviathanTM
Failure is a four letter word.
Avatar credit goes to DarkNightCavalier
Even though I'm pretty sure that your sentiment is shared by more than one person, you could say it in such a way as to NOT be flaming...
Let's try and keep it civil, okay? Thanks
"I am in the arcane, and the arcane is in me."
Official Matron Mother of Clan Planar Chaos
Awesome Avatar and signature by DarkNightCavalier
Deraxas, Dark Maiden of Shimia,, still oddly obsessed with a mindmage.
The list has been taken down from public view. Which means that people can't easily find it (though it may still be floating around). Unfortunately, this means I also can't check the list any longer. My apologies.
My helpdesk should you need me.
Im sorry if I offended you or others for that matter. Its just, things like this are uncalled for. I mean it would be different if I had done something to them but I didnt and now they want to steal something that Ive spent a large amount of money as well as time into? argh
MTGO name: LeviathanTM
Failure is a four letter word.
Avatar credit goes to DarkNightCavalier
Oh, I understand. We just try not to say things like that in public forums, because one thing leads to another and...
Yeah, the universe probably won't explode, but it keeps things more civil. Definitely no hard feelings- if my stuff had been up there, I'd be mad enough to chew iron and spit nails at this point.
"I am in the arcane, and the arcane is in me."
Official Matron Mother of Clan Planar Chaos
Awesome Avatar and signature by DarkNightCavalier
Deraxas, Dark Maiden of Shimia,, still oddly obsessed with a mindmage.