_gaq.push(['_trackPageview']); _gaq.push(['_trackPageLoadTime']); (function() { var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true; ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s); })();

Archive

Posts Tagged ‘Hacked’

The War Z forums and databases hacked, taken offline for investigation

April 3rd, 2013 No comments
The War Z has been taken offline due to the compromise of its databases and official forums, publisher OP Productions has announced. "We have discovered that hackers gained access to our forum and game databases and the player data in those databases," the statement reads. "We have launched a thorough investigation covering our entire system to determine the scope of the intrusion. This investigation is ongoing and is our top priority."

The user information obtained during the break in includes log-in e-mail addresses for the official forums and the game itself, along with the encrypted passwords associated with those addresses. No user payment information was compromised, however, as payments are handled by a third party company that operates outside of OP Production's ecosystem.

Despite the fact that "there was absolutely no exposure of your payment or billing information of any kind," according to the statement, the possibility still exists for the stolen encrypted passwords to be decrypted, which could obviously be an issue for anyone that used the same email address and password for The War Z as they did for other, more vital internet accounts. As such, OP Productions recommends that its users change up their passwords.

Beyond the promise of future updates, no further timeline was given with respect to when the game may come back online.

JoystiqThe War Z forums and databases hacked, taken offline for investigation originally appeared on Joystiq on Wed, 03 Apr 2013 03:00:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments
Tags: , , , , , , , ,

The War Z forums and databases hacked, taken offline for investigation

April 3rd, 2013 No comments
The War Z has been taken offline due to the compromise of its databases and official forums, publisher OP Productions has announced. "We have discovered that hackers gained access to our forum and game databases and the player data in those databases," the statement reads. "We have launched a thorough investigation covering our entire system to determine the scope of the intrusion. This investigation is ongoing and is our top priority."

The user information obtained during the break in includes log-in e-mail addresses for the official forums and the game itself, along with the encrypted passwords associated with those addresses. No user payment information was compromised, however, as payments are handled by a third party company that operates outside of OP Production's ecosystem.

Despite the fact that "there was absolutely no exposure of your payment or billing information of any kind," according to the statement, the possibility still exists for the stolen encrypted passwords to be decrypted, which could obviously be an issue for anyone that used the same email address and password for The War Z as they did for other, more vital internet accounts. As such, OP Productions recommends that its users change up their passwords.

Beyond the promise of future updates, no further timeline was given with respect to when the game may come back online.

JoystiqThe War Z forums and databases hacked, taken offline for investigation originally appeared on Joystiq on Wed, 03 Apr 2013 03:00:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments Tags: , , , , , , , ,

Rumor: SimCity modded to disable disconnection timer, open debug mode

March 14th, 2013 No comments
Rumor SimCity modded to disable disconnection timer, enable debug mode

Reddit user AzzerUK claims to have enabled SimCity's debug mode and to have disabled its disconnection timer, both of which imply that there is more to the game's inner workings than EA and Maxis originally stated.

Currently, a user that loses their connection to the server during gameplay will be logged out of the game after 20 minutes. This is supposedly because the client must sync simulation data back to the server on a regular basis, in order to ease the computational load on the user's machine and to ensure the simulation as a whole runs smoothly.

Though not demonstrated in the video above, AzzerUK claims to have disabled that disconnection timer, and that playing an offline city for extended periods of time resulted in no issues with the simulation itself. Since SimCity does not support local saves in any way, it is not possible for AzzerUK to actually save anything that happens in his offline city, but the important thing is that the simulation reportedly did not come to a screeching halt after being unable to sync with the server.

The modder/hacker also claims to have enabled SimCity's debug mode, which allows for cities to be edited beyond their typically imposed borders. Though clipping and texture mapping issues are easily visible in the above clip, the traditionally impossible highways created at least appear to function properly. This supposes that, at least theoretically, the game is capable of supporting city sizes that are larger than what is currently available.

JoystiqRumor: SimCity modded to disable disconnection timer, open debug mode originally appeared on Joystiq on Thu, 14 Mar 2013 20:15:00 EST. Please see our terms for use of feeds.

Permalink | Email this | Comments Tags: , , , , , , , , , , , ,

Zendesk hacked: Twitter, Pinterest, and Tumblr users were affected

February 22nd, 2013 No comments

large_6872259969A security breach at cloud-based customer support vendor Zendesk has exposed personal information including email addresses of Twitter, Pinterest, and Tumblr clients, the company said today in a blog post.

We’ve become aware that a hacker accessed our system this week. As soon as we learned of the attack, we patched the vulnerability and closed the access that the hacker had. Our ongoing investigation indicates that the hacker had access to the support information that three of our customers store on our system. We believe that the hacker downloaded email addresses of users who contacted those three customers for support, as well as support email subject lines. We notified our affected customers immediately and are working with them to assist in their response.

Zendesk manages backoffice features like customer support and help desk operations via a cloud service it delivers to hundreds of clients serving over 65 million people, the company says on its website. Only Twitter, Pinterest, and Tumblr clients were affect, the company says, but those sites touch literally hundreds of millions of users.

Since most end users never touch Zendesk directly, most users first awareness that there might be a problem will come via an email from one of the affected services. I received an email from Tumble this evening at 11:05PM PST, saying that my information may have been exposed.

Assuming Zendesk knows exactly how deep the penetration went, there is probably not a lot to worry about. The attackers gained access to email addresses and the subject lines of support emails, but there’s no indication they accessed any passwords or other data.

In other words: don’t panic.

Here’s the email that Tumblr sent out to affected users:

Important information regarding your security and privacy

For the last 2.5 years, we’ve used a popular service called Zendesk to store, organize, and answer emails to Tumblr Support. We’ve learned that a security breach at Zendesk has affected Tumblr and two other companies. We are sending this notification to all email addresses that we believe may have been affected by this breach.

This has potentially exposed records of subject lines and, in some cases, email addresses of messages sent to Tumblr Support. While much of this information is innocuous, please take some time today to consider the following:

  • The subject lines of your emails to Tumblr Support may have included the address of your blog which could potentially allow your blog to be unwillingly associated with your email address.
  • Any other information included in the subject lines of emails you’ve sent to Tumblr Support may be exposed. We recommend you review any correspondence you’ve addressed tosupport@tumblr.comabuse@tumblr.comdmca@tumblr.com,legal@tumblr.comenquiries@tumblr.com, orlawenforcement@tumblr.com.
  • Tumblr will never ask you for your password by email. Emails are easy to fake, and you should be suspicious of unexpected emails you receive.

Your safety is our highest priority. We’re working with law enforcement and Zendesk to better understand this attack. Please monitor your email and Tumblr accounts for suspicious behavior, and notify us immediately if you have any concerns.

This is an breaking story, check for updates on Friday.

photo credit: alles-schlumpf via photopin cc


Filed under: Business, Enterprise, Security, Social, VentureBeat


Tags: , , , , , , , , , , ,

Zendesk hacked: Twitter, Pinterest, and Tumblr users were affected

February 22nd, 2013 No comments

large_6872259969A security breach at cloud-based customer support vendor Zendesk has exposed personal information including email addresses of Twitter, Pinterest, and Tumblr clients, the company said today in a blog post.

We’ve become aware that a hacker accessed our system this week. As soon as we learned of the attack, we patched the vulnerability and closed the access that the hacker had. Our ongoing investigation indicates that the hacker had access to the support information that three of our customers store on our system. We believe that the hacker downloaded email addresses of users who contacted those three customers for support, as well as support email subject lines. We notified our affected customers immediately and are working with them to assist in their response.

Zendesk manages backoffice features like customer support and help desk operations via a cloud service it delivers to hundreds of clients serving over 65 million people, the company says on its website. Only Twitter, Pinterest, and Tumblr clients were affect, the company says, but those sites touch literally hundreds of millions of users.

Since most end users never touch Zendesk directly, most users first awareness that there might be a problem will come via an email from one of the affected services. I received an email from Tumble this evening at 11:05PM PST, saying that my information may have been exposed.

Assuming Zendesk knows exactly how deep the penetration went, there is probably not a lot to worry about. The attackers gained access to email addresses and the subject lines of support emails, but there’s no indication they accessed any passwords or other data.

In other words: don’t panic.

Here’s the email that Tumblr sent out to affected users:

Important information regarding your security and privacy

For the last 2.5 years, we’ve used a popular service called Zendesk to store, organize, and answer emails to Tumblr Support. We’ve learned that a security breach at Zendesk has affected Tumblr and two other companies. We are sending this notification to all email addresses that we believe may have been affected by this breach.

This has potentially exposed records of subject lines and, in some cases, email addresses of messages sent to Tumblr Support. While much of this information is innocuous, please take some time today to consider the following:

  • The subject lines of your emails to Tumblr Support may have included the address of your blog which could potentially allow your blog to be unwillingly associated with your email address.
  • Any other information included in the subject lines of emails you’ve sent to Tumblr Support may be exposed. We recommend you review any correspondence you’ve addressed tosupport@tumblr.comabuse@tumblr.comdmca@tumblr.com,legal@tumblr.comenquiries@tumblr.com, orlawenforcement@tumblr.com.
  • Tumblr will never ask you for your password by email. Emails are easy to fake, and you should be suspicious of unexpected emails you receive.

Your safety is our highest priority. We’re working with law enforcement and Zendesk to better understand this attack. Please monitor your email and Tumblr accounts for suspicious behavior, and notify us immediately if you have any concerns.

This is an breaking story, check for updates on Friday.

photo credit: alles-schlumpf via photopin cc


Filed under: Business, Enterprise, Security, Social, VentureBeat


Tags: , , , , , , , , , , ,

Facebook disables Java after hack

February 15th, 2013 No comments

thumbs down

Facebook announced that it was hacked in a blog post today, after some of its employees visited an infected mobile developer website in January. The company says there is no evidence that user data was affected.

“They gained limited visibility into our systems,” Fred Wolens, a spokesperson for Facebook, told VentureBeat in an interview, “We’ve accelerated our program to disable Java in our environment.”

The company explained in the blog post that the laptops that were infected were “fully patched” and ran the most up-to-date anti-virus software prior to the infection. It is currently working with law enforcement to dig into the hack’s details. The malware came through another issue with Java, the programing language from Oracle that was recently patched to fix a number of other issues. The Department of Homeland Security even recommended that people uninstall Java since hackers were finding new holes often.

“After analyzing the compromised website where the attack originated, we found it was using a “zero-day” (previously unseen) exploit to bypass the Java sandbox (built-in protections) to install the malware,” said Facebook in the blog post. “We immediately reported the exploit to Oracle, and they confirmed our findings and provided a patch on February 1, 2013, that addresses this vulnerability.”

Facebook has not specified who the attackers are, and it very well may not know. The company does, however, say that it was “not alone in this attack” and that it wanted to tell the world about this hack quickly so that others can start their own remediation.

hat tip AllThingsD; Thumbs down image via Shutterstock


Filed under: Security


Tags: , , , ,

Facebook disables Java after hack

February 15th, 2013 No comments

thumbs down

Facebook announced that it was in a blog post today, after some of its employees visited an infected mobile developer website in January. The company says there is no evidence that user data was affected.

“They gained limited visibility into our systems,” Fred Wolens, a spokesperson for Facebook, told in an interview, “We’ve accelerated our program to disable in our environment.”

The company explained in the blog post that the laptops that were infected were “fully patched” and ran the most -to-date anti-virus software prior to the infection. It is currently working with law enforcement to dig into the ’s details. The came through another issue with Java, the programing language from Oracle that was recently patched to fix a number of other issues. The Department of Homeland even recommended that people uninstall Java since hackers were finding new holes often.

“After analyzing the website where the attack originated, we found it was using a “” (previously unseen) exploit to bypass the Java sandbox (built-in protections) to install the malware,” said Facebook in the blog post. “We immediately reported the exploit to Oracle, and they confirmed our findings and provided a patch on February 1, 2013, that addresses this vulnerability.”

Facebook has not specified who the attackers are, and it very well may not know. The company does, however, say that it was “not alone in this attack” and that it wanted to tell the world about this hack quickly so that others can start their own remediation.

hat tip AllThingsD; Thumbs down image via Shutterstock

Filed under: Security

Tags: , , , , ,

Broken Jawbone: Hackers steal emails and passwords from users

February 13th, 2013 No comments

Jambox Jawbone

Jambox wireless speaker creator Jawbone is singing the blues today. It alerted users early this morning to a hack on its MyTalk network, that left names, email addresses, and encrypted passwords compromised.

The MyTalk network is where people can update their software, find and download apps for Jawbone’s device, and customize your device’s voice and language settings. Those products include Jawbone’s Jambox speakers and Up fitness wristbands. One customer, Dave Zatz, posted the message he received from Jawbone on Twitter. It reads, in part:

“Based on our investigation to date, we do not believe there has been any unauthorized use of login information or unauthorized access to information in your account.”

It continues to say that the password has been “disabled” and you can reset the password by visiting the user reset page, and completing emailed instructions.

Of course, if you use that password on any other websites, you should change it immediately. One of the first things a cyber criminal will do with your password is try it on other websites. And though Jawbone says that because your password was taken encrypted and none of “the actual letters and numbers in your password” were revealed, hackers have ways to decrypt information.

As The Verge notes, however, it doesn’t seem this hack affected all users. According to a statement provided to the Verge, Jawbone says that the attack was “identified within hours” and subsequently blocked.

Jambox image via Jawbone


Filed under: Security


Tags: , , , , ,

Broken Jawbone: Hackers steal email and passwords from users

February 13th, 2013 No comments

Jambox Jawbone

Jambox wireless speaker creator Jawbone is singing the blues today. It alerted users early this morning to a hack on its MyTalk network that left names, email addresses, and encrypted passwords compromised.

The MyTalk network is where people can update their software, find and download apps for Jawbone’s device, and customize their device’s voice and language settings. Those products include Jawbone’s Jambox speakers and Up fitness wristbands. One customer, Dave Zatz, posted the message he received from Jawbone on Twitter. It reads, in part: ”Based on our investigation to date, we do not believe there has been any unauthorized use of login information or unauthorized access to information in your account.”

It continues to say that the password has been “disabled” and you can reset the password by visiting the user reset page and completing emailed instructions.

Of course, if you use that password on any other websites, you should change it immediately. One of the first things a cyber-criminal will do with your password is try it on other websites. And though Jawbone says that because your password was taken was encrypted and none of “the actual letters and numbers in your password” were revealed, hackers have ways to decrypt information.

As The Verge notes, however, it doesn’t seem this hack affected all Jawbone customers. According to a statement provided to the Verge, Jawbone says that the attack was “identified within hours” and subsequently blocked.

Jambox image via Jawbone


Filed under: Security


Tags: , , , , ,

Future of top U.S. Bitcoin exchange in doubt as $250K in virtual currency stolen

September 4th, 2012 No comments

The future of the top U.S. Bitcoin echange is in doubt after $250,000 in virtual currency was stolen last night.

As CNet reports, an unidentified hacker found and absconded with an unencrypted backup of virtual wallet keys, taking 24,000 bitcoins, each worth just over ten U.S. dollars. It’s the virtual equivalent of leaving your wallet on the cafe table as you go to use the restroom.

In a blog post, Bitcoin founder Roman Shtylman said that BitFloor, the exchange for Bitcoins, would be paused while he evaluates options. He said he still had logs for all the accounts, trades and transfers for every user, but the theft took the vast majority of the coins BitFloor has on hand at any time, which are generated by commissions on Bitcoin trades.

Shtylman wants to continue to operate BitFloor, but that is currently in doubt. And shuttering the exchange, while a last resort, is a very real option:

As a last resort, I will be forced to fully shut BitFloor down and initiate account repayment using current available funds. I still have all of the logs for accounts, trades, transfers. I know exactly how much each user currently has in their account for both USD and BTC. No records were lost in this attack.

There are multiple Bitcoin exchanges, and BitFloor is only the fourth-largest, globally. So if BitFloor is forced to shutter operations, it does not mean the end of the line for Bitcoin as a currency. In addition, there is no centralized authority for Bitcoins — the system is inherently resistant to a single point of failure.

On the other hand, other Bitcoin exchanges have gone bankrupt, some have been hacked, and there are trojans and viruses in the wild that can steal Bitcoin digital wallets.

It’s not something that engenders trust in something as fundamental as money.

photo credit: zcopley via photo pin cc


Filed under: security, VentureBeat

Tags: , , , , ,

GameSpasm is Stephen Fry proof thanks to caching by WP Super Cache