Mangagamer database compromised


nohman

Speaking of threats, the feminist community is probably trying to piss off gamers as well - they are petitioning Steam to completely shut down its services for a whole hour as a form of protest against their oppressive behaviour. I agree sending rape and death threats is an awful thing to do, but why should the worldwide community take responsibility for what was done by a bunch of people? I find that particular way of thinking no different from previous commitments of those guys.

 

That was news to me, do you have any sources? And is this in response to those fake-ass death threats Anita Sarkeesian got? (No, seriously, read the twits... No way a man wrote them.)

lmao dude I've seen feminists get shat on in way worse ways than that from actual people who were actually out of their mind. I have zero trouble believing that was real. Of course, I also think the person who wrote them was spineless and wouldn't ever follow through on anything. 

 

The thing is that there are crazy people on both sides of the issue like the people who hacked The Fine Young Capitalists Indiegogo, and that the whole thing is a clusterfuck I refuse to interact with. It also has practically nothing to do with anything here so maybe we shouldn't get too far off topic.


No, thing is, she's controversial, I get that, and I can totally believe that she gets death threats and all sorts of shit. It's just that, death threats from a brand new Twitter account, and with threats that look written by a woman (Seriously, would a man threaten to "drink blood off your cunt"? Any man? Is giving oral sex to a woman a male fantasy? News to me) just in the wake of the Zoe Quinn thing? Nah.

 

But yes, you're right, this is going way off topic.


I checked the database dump.  All they appear to have gotten were usernames, e-mail addresses, and password hashes.  Some people's e-mail addresses may contain their real name, so that may be irritating to some.  The passwords do not appear to have been decoded.

 

I also use LastPass.  I guess I might as well start the arduous task of changing all my passwords to be unique on the hundreds of sites I have accounts at.


LastPass notifies you when you're using a shared password. Instead of remembering every single site I have an account on and changing them all at once, I just changed my password each time I logged into a site and that notice popped up. The way I figure it, any site that uses a shared password anymore is barely ever visited by me and I don't care if the account gets compromised.


Someone claiming to be the hacker has apologized for the attack on the official forums, claiming he thought MG was promoting child pornography.

http://forums.mangagamer.org/viewtopic.php?f=3&t=348&start=15#p9801

Lol if it actually is him, he is a bigger moron than I thought and impulsive to boot.

So let us do a guessing game for his (mental) age.

My guess mental age 15, real age 45 year old brain dead.


What an idiot.  If you're going to do something like that, you should never admit that you were the one that did it, unless you have some need for attention or want to get some new cop buddies.  Kinda sad that he didn't even do any research on Manga Gamer beforehand, either.

 

The guy who's claiming to have done it has a Twitter here.

His Twitter account has now been suspended.  Genius probably didn't realize that Twitter legally has to turn over every bit of info they have about a suspected criminal if the cops give them a warrant.  Methinks he's boned.


I had a feeling this guy was a dumbass from the way he wrote on Twitter, but I didn't think he'd be this bad. Not sure how severe the punishment for cyber crimes is, but he better learn from it.

I think it generally depends on what country the hacker is in and what exact crime they committed.  Don't know much about cyberlaw, I've only heard it briefly mentioned.  Now, if he's from a different country than the victims and is somehow extradited, which I doubt will happen, things might get very bad for him.


Dear MangaGamer Customers
 
At this time, we would like to announce that full security measures have
been implemented on our site.
 
Last Thursday, our site was hacked and email addresses, nick names, and
encrypted passwords may have been leaked.
The SQL injection vulnerability that allowed this attack was patched up
almost immediately, and in the week since then, we have reviewed our
site for various other security holes, and fixes have been made to
prevent another incident like this from happening.
 
For your security, and to mark the end of this security update, your
password has been automatically generated on our end.
Your new password is
 
Since this password is temporary, please update your password from your
My Account page.
(Your new password must include both alphanumeric characters and symbols)
 
Once again, we apologize for the inconvenience this has caused, and we
hope that you will continue to support us in our endeavors to bring
great visual novels to the west.
 
Best Regards,
MangaGamer Staff

Can you clarify something for me?

 

Encryption hopefully doesn't mean what I hope they mean. Encryption is reversible, e.g. you can get the original value back from an encrypted one. Hashing would be what you want to do for passwords, using a proper, modern, secure algorithm (I heard something about them using unsalted md5 hashes before - inadequate). Emails could be encrypted, although there's little value to it. And, depending on how they're used around the site, even those could be hashed instead.


They've said previously the passwords that were leaked were encrypted, when they were actually hashed (as you surmised, using unsalted MD5).  My guess is the spokesperson isn't technically inclined enough to understand the difference.  I have requested clarification however.  The e-mail address is used to send e-mails to customers, so I doubt it can be hashed.


Hashing can be a form of encryption when using it to obfuscate passwords. The problem is that it was a really simple hash algorithm (md5) and the hashes weren't salted. So while it wasn't exactly strong encryption, it's still encryption. Using something like SHA-2 and salting it would be a whole lot better.


Hashing is not a form of encryption, though many refer to it as such.  Encryption is reversible (intended to be decoded to reveal the original message).  Hashes are irreversible.  Both encryption and cryptographic hashes are forms of cryptography.  Though the average user probably doesn't care about the difference, the difference has practical implications.

http://danielmiessler.com/study/encoding_encryption_hashing/

 

Storing an encrypted password is sort of like setting a login password on a laptop, with a sticky note on the monitor proclaiming what the password is.  Sure, it'll stop some forms of attack, but it won't stop the type of attack it really needs to stop: some stranger swiping your laptop and logging in as you.
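
The storage difference debated in the posts above, as an added example that is not part of the original thread: unsalted MD5 gives every account with the same password the same stored value, while a per-account salt with a deliberately slow hash (scrypt here, chosen for this example) does not. The account names, passwords and function names are constructed for illustration.

```python
from __future__ import annotations
import hashlib
import hmac
import os

# Constructed sample accounts (not taken from any real data set).
SAMPLE_USERS = {"alice": "hunter2!", "bob": "hunter2!", "carol": "S3parate#pw"}

def md5_unsalted(password: str) -> str:
    """The weak scheme named in the thread: a bare, unsalted MD5 digest."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()

def hash_password(password: str, salt: bytes | None = None) -> tuple[bytes, bytes]:
    """Salted, memory-hard hash; returns (salt, digest), both stored per account."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt for every account
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                            n=2**14, r=8, p=1, dklen=32)
    return salt, digest

def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)

def shared_records(table: dict[str, str]) -> dict[str, list[str]]:
    """Group usernames by stored value; any group larger than one leaks reuse."""
    groups: dict[str, list[str]] = {}
    for user, record in table.items():
        groups.setdefault(record, []).append(user)
    return {rec: sorted(users) for rec, users in groups.items() if len(users) > 1}

def demo() -> tuple[dict[str, list[str]], dict[str, list[str]]]:
    """Return the colliding accounts under each storage scheme."""
    weak = {u: md5_unsalted(p) for u, p in SAMPLE_USERS.items()}
    strong = {}
    for user, password in SAMPLE_USERS.items():
        salt, digest = hash_password(password)
        strong[user] = (salt + digest).hex()
    return shared_records(weak), shared_records(strong)

if __name__ == "__main__":
    weak_groups, strong_groups = demo()
    print("unsalted MD5, accounts sharing a stored value:", weak_groups)
    print("salted scrypt, accounts sharing a stored value:", strong_groups)
```
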


Thanks for pointing it out, the common definition and understanding is kind of wishy-washy unfortunately.

 

I'm looking forward to MG's reply since it's kind of important moving forward to know if personal information, especially passwords, are safe. Personally I'd refrain from ordering from them if proper measures aren't taken, just out of sheer principle.
