1. Hey Guest! If you're more than just a WildStar fan and want to keep up on the latest MMO news, reviews and opinion pieces then I'd like to suggest you visit our sister site MMO Central

Data Mining Account Information

Discussion in 'Gaming Arena' started by VooDoo, Sep 2, 2011.

  1. VooDoo

    VooDoo Cupcake-About-Town

    Joined:
    Aug 19, 2011
    Likes Received:
    78
    Trophy Points:
    28
    I thought I would share this post with you guys that I recently posted on another games website. I thought it was worthy to share with just about anyone whos an MMO gamer. Hopefully Wildstar will offer a two-factor authentication system at release and we wont have many security issues to worry about.

    ================================================================

    I thought I would post this in lieu of getting a suspicious friends request along with a link for a so-called "fan site" which appeared to be nothing but a data mine for possible account information. This happened here *edit* (not on wildstar central), and I saw that many posters on this board friended this person and possibly created accounts on the page they were given.

    Many of you do not realize this, but account security breaches for MMO's happen at many different stages and many times it happens before a game is even released. Often people are confused on how their account was compromised since they claim they never visit suspicious sites, dont use addons, dont share account information etc. The key they are missing is they always think in the present tense.

    Heres an example: You have a world of warcraft account with an authenticator. You're also a long time member of a Lineage 2 fansite using the same information you use for your login information and since forgot you even belonged to the site. The fan site is compromised, your account info is mined and is added to a database for accessing world of warcraft accounts. The database is then used by an "anonymous" to compromise your account, but cannot compromise the account because it has an authenticator.

    A year or two passes, you're completely clueless this information is out there or that you're wow account even had an attempt on it. You then subscribe to Rift and the account information mined from the lineage 2 website is attempted on this new MMO and they score. You're suddenly confused because you have never been fished, dont use addons, dont share you account information etc.

    You can replace the above fansite hack with a previous fish attempt for a completely unrelated MMO. The point I'm trying to make is more times than not, the account is compromised a long time before the game you are currently playing was even released. You just made the poor decision to re-use account information that you think is secure because it was never compromised previously.

    This actually happened in Rift to a lot of people prior to coin locks and authenticators. So just be wise, just because you think your accounts are secure it just may be that they havnt been able to breach it. The account information may still be out there just waiting for the next MMO to be released without a two factor authentication system in place.
    Brotoi, Celsus and Frozenoak like this.
  2. Dyraele

    Dyraele "That" Cupcake

    Joined:
    Aug 23, 2011
    Likes Received:
    312
    Trophy Points:
    83
    Location:
    Arizona, USA
    Thanks, very informative.
  3. Frozenoak

    Frozenoak Founding Member

    Joined:
    Nov 4, 2010
    Likes Received:
    28
    Trophy Points:
    28
    Location:
    South Orange County CA
    Very good info, and true. I use a completely new account name and password for all my games (and only once was it the name of one of my Characters). I use more or less the same username and password for most forums but that is a little different than something financially related. I do love WoW's authenticator. I get account password reset requests frequently from Blizzard (probably because my main had the same name as the account, bad idea) but I feel confident that the account is safe because of the Authenticator. I report and forward everything I get from Blizzard to Blizzard. It has become a plague.
  4. VooDoo

    VooDoo Cupcake-About-Town

    Joined:
    Aug 19, 2011
    Likes Received:
    78
    Trophy Points:
    28
    ya managing user names/passwords can be a hassle but I keep forum user names and passwords different from the usernames and passwords I use in games as well. I use very strong passwords on games with single-factor authentication and have a variation of a few strong passwords I use on games with two-factor authentication.

    I only have two usernames I use for game accounts which are seperate from forum accounts and the username helps me remember what form of password I used for the account. Once I learned how account info was being gathered and then distributed to gain access to multiple games I've been really cautious on what I use and where.
  5. starspun

    starspun Well-Known Cupcake

    Joined:
    Aug 15, 2011
    Likes Received:
    399
    Trophy Points:
    63
    Up until maybe six years ago I used the same username and password combination just about everywhere. I'm amazed nothing ever happened to anything, but after a couple of friends in a few games were accessed by someone else and all their characters stripped of gear and money, I finally realized I might be at risk as well and changed many, many passwords. I definitely agree managing usernames and passwords can be a hassle... so I acquired a notebook to put it all in, and no, you can't see it! I even hide it on the rare occasion someone is visiting, haha.

    The rampant hacking that happened in Rift early on was actually the result of a security flaw with the launcher's login process or somesuch - as long as someone who knew how it worked had your e-mail, they could bypass entering a password altogether and have their way with your in-game stuff.
  6. SiegaPlays

    SiegaPlays "That" Cupcake

    Joined:
    Sep 14, 2011
    Likes Received:
    454
    Trophy Points:
    83
    Location:
    Denmark
    I always used different ID and password for all games. I also like Blizzards authenticator, but Rift iphone supported one is actually more convinient for me. Sony is adding auhtenticators these days, but not yet for iphone (last I looked).

Share This Page