The passwords are not listed in connection with MTGSalvation. MTGSalvation is not mentioned on the same site as the passwords. This, combined with the fact that hijacking a forum account is low-reward, means that your MTGSalvation account is NOT likely to be hijacked.
What you should be worrying about is your PayPal account, eBay account, and any other (especially finance-related) accounts. In fact, it sounds like the passwords listed may actually be members' PayPal passwords. Don't just change your MTGSalvation password, change your PayPal password and any other account you feel nervous about!
EDIT: And Weaver, their "skills" or lack thereof is not the problem. These hackers are very likely talentless "script kiddies", but those are the kind most likely to swarm such username/password lists. They'll pick through, check to find logins that work, and use them for profit.
I received the message via email. I understand why no one should be able to see the entire list, but if my name is on there I'd like to actually see the information that was posted relevant to me.... I use several different passwords for the tons and tons of sites I've registered to, so I'd like to see which one(s) I have to change.
so it was on a hacking forum? that narrows it down a bit
That's what Charlie said, "I discovered my own username, password, and email address posted together on a hacking forum, along with several thousand others. They claimed to be eBay and PayPal account passwords, but I don't recall ever having an eBay or PayPal account with those names."
in anycase, ive changed my password, hopefully these arent overly skilled hackers, That would be very bad indeed
If they were overly-skilled hackers, they'd be wasting their time.
Skilled hackers, them too.
Oh wait, PayPal and eBay? Oh. :|
Still... it can't be that profitable.
Anyway, just as a safety precaution, the staff appear to advise users to change their password(s).
I received the message via email. I understand why no one should be able to see the entire list, but if my name is on there I'd like to actually see the information that was posted relevant to me.... I use several different passwords for the tons and tons of sites I've registered to, so I'd like to see which one(s) I have to change.
Is this at all possible/likely?
Lolwut?
Because, for the umpteenth time, the passwords as also displayed and the staff don't want you cracking into others' accounts, maybe?
I dunno; it's just, like, a hunch?
That's pretty, you know, bad and, for those who aren't amoral and have morals and try to follow them, immoral and such.
Oh wait, PayPal and eBay? Oh. :|
Still... it can't be that profitable.
Because, for the umpteenth time, the passwords as also displayed and the staff don't want you cracking into others' accounts, maybe?
I dunno; it's just, like, a hunch?
first off, my ebay account and many people i know is linked up to credit cards AND bank accounts, so it can be very profitable.
and I have no intentions of hijacking other accounts, i just need to see if myself, and 4 other people im close to are on that list.
in anycase, the people are warned, and passwords are being changed. im still going to do some digging.
What you should be worrying about is your PayPal account, eBay account, and any other (especially finance-related) accounts. In fact, it sounds like the passwords listed may actually be members' PayPal passwords. Don't just change your MTGSalvation password, change your PayPal password and any other account you feel nervous about!
As much as I dislike using it, "QFT".
EDIT: And Weaver, their "skills" or lack thereof is not the problem. These hackers are very likely talentless "script kiddies", but those are the kind most likely to swarm such username/password lists. They'll pick through, check to find logins that work, and use them for profit.
Or, I'm guessing, to log-in, change the password, and do it for the lulz (to induce frustration in the original owner), or something; or, is that all considered profit?
Oh wait, PayPal and eBay? Oh. :|
Still... it can't be that profitable.
Because, for the umpteenth time, the passwords as also displayed and the staff don't want you cracking into others' accounts, maybe?
I dunno; it's just, like, a hunch?
first off, my ebay account and many people i know is linked up to credit cards AND bank accounts, so it can be very profitable.
Quote tags broke.
Fixed.
Not everyone has their Sally accounts linked to eBay and/or PayPal accounts. What are we talking now; MTGS or money-related accounts? It's probably wise to change all passwords (MTGS and eBay/PayPal), considering the vagueness.
and I have no intentions of hijacking other accounts, i just need to see if myself, and 4 other people im close to are on that list.
No one actually knows that, and I don't think anyone who knows the link would have that much good faith in divulging the URL, as much as they might trust you or any other user.
in anycase, the people are warned, and passwords are being changed. im still going to do some digging.
Up to you, but if you should find anything, it would be a security issue if you didn't inform the staff of this site (stat), kept the information to yourself or non-staff, or posted it.
Up to you, but if you should find anything, it would be a security issue if you didn't inform the staff of this site (stat), kept the information to yourself or non-staff, or posted it.
Good point, which is why I'm letting people know, my hotmail password DOESN'T WORK ANYMORE! I think someone figured it out from this site, I have no idea how, but it's quite a coincidence, don't you think?! Seriously people, you need to go and change that **** immediately!
Up to you, but if you should find anything, it would be a security issue if you didn't inform the staff of this site (stat), kept the information to yourself or non-staff, or posted it.
That bugs me. That's more than the number of active users last month.
if i find Anything of importance to the mods ill let you know.
identity theft and all forms of white collar crime suck, and whether you believe me or not, im just trying to protect my own hide and the skins of close friends.
so far 2 forums have nothing to offer, but ima keep looking
donotforgive, ... um ... I don't know what's linked to your account, but perhaps there's a way of restoring it, by, uhm, contacting the mods and proving the verity of your identity and online identity.
No offence or anything, but to me, 0 posts and nothing doesn't seem that worth salvaging. Your Hotmail account, on the other hand, seems to have irrevocable damage done to it.
Perhaps you could contact Hotmail -- or is it Microsoft, whatever? -- about that.
Interesting to think how they may have leaked. I don't ever recall clicking on a phishing link and I've never done trading over MTGS, so that hypothesis does not hold. I find it unlikely that someone would've actually bruteforced that many passwords on a site like this (especially since clearly more than just admin accounts have been targeted), so the only thing I can think of is some browser memory checking worm.
As Charlie suggested, "script kids".
Most probably bruteforced.
if i find Anything of importance to the mods ill let you know.
identity theft and all forms of white collar crime suck, and whether you believe me or not, im just trying to protect my own hide and the skins of close friends.
so far 2 forums have nothing to offer, but ima keep looking
Thanks for the heads-up, but remember, let the staff know.
donotforgive, ... um ... I don't know what's linked to your account, but perhaps there's a way of restoring it, by, uhm, contacting the mods and proving the verity of your identity and online identity.
No offence or anything, but to me, 0 posts and nothing doesn't seem that worth salvaging. Your Hotmail account, on the other hand, seems to have irrevocable damage done to it.
Perhaps you could contact Hotmail -- or is it Microsoft, whatever? -- about that.
Or start anew.
I could change this account, but my hotmail? I'm a web developer and I used it to keep small gif libraries - it would take me days to get all the mudkip promotional material off there! Have you checked your account?
man, hacking sites is the worst game ever - you always end up losing your data.
Because, for the umpteenth time, the passwords as also displayed and the staff don't want you cracking into others' accounts, maybe?
I dunno; it's just, like, a hunch?
That's pretty, you know, bad and, for those who aren't amoral and have morals and try to follow them, immoral and such.
Did you even read what I wrote? I said I didn't want to see the entire list, just the information that was relevant to me, if indeed my name is even on the list. I use different passwords for almost every site I log into, so I'd like to see which of my own passwords was leaked (if any). I don't want to see anyone else's information.
Good to see prompt action. No harm in changing my password, except that I don't remember which email I used to set this account up because it's been about three years.
Edit: Hah, it says it right there. Just goes to show that I haven't had any account issues in three years. So thumbs up I guess.
Did you even read what I wrote? I said I didn't want to see the entire list, just the information that was relevant to me, if indeed my name is even on the list. I use different passwords for almost every site I log into, so I'd like to see which of my own passwords was leaked (if any). I don't want to see anyone else's information.
To answer your rhetorical question, yes
I know you meant to say you didn't want to see the entire list; just the information that was relevant to you. You apparently didn't get the meaning of what I was trying to say.
PM an administrator to check which password was leaked, or something.
I could change this account, but my hotmail? I'm a web developer and I used it to keep small gif libraries - it would take me days to get all the mudkip promotional material off there! Have you checked your account?
Ok good, I don't want the same thing to happen to others. Apparently (according to the email I got back from hotmail - **** they're prompt) there was a bunch of activity on my account, from many different IPs. I've got no idea what they were doing - thankfully they didn't delete anything.
I could change this account, but my hotmail? I'm a web developer and I used it to keep small gif libraries - it would take me days to get all the mudkip promotional material off there! Have you checked your account?
man, hacking sites is the worst game ever - you always end up losing your data.
LOL, I'm pretty sure this guy is joking around. Someone had to go and mention 4chan. The "over 9000" and the mudkip thing are old 4chan jokes.
I just want to say, looking over this list, + the number of passwords that are either the same as the username, or part of the username, or easily brute-forced single words under 8 characters. . . WAKE UP!
DO use a password with mixed-case letters. Use uppercase letters throughout the password.
DO use a password that contains alphanumeric characters and include punctuation, where supported by the operating system.
DO use at least six characters.
DO use a password with mixed-case letters. Do not just capitalize the first letter, but add uppercase letters throughout the password.
DO change passwords regularly. The more critical an account to network integrity (such as root on a Unix host or Administrator on Windows NT), the more frequently the password should be changed. This change stops someone who has already compromised an account from continued access.
DO NOT use your first, middle or last name or anyone else’s in any form. Do not use your initials or any nicknames you may have or anyone else’s.
DO NOT use a network login ID in any form (reversed, capitalized, or doubled as a password).
DO NOT use a word contained in English or foreign dictionaries, spelling lists, or other word lists and abbreviations.
DO NOT use other information easily obtained about you. This includes pet names, license plate numbers, telephone numbers, identification numbers, the brand of your automobile, the name of the street you live on, and so on. Such passwords are very easily guessed by someone who knows the user.
DO NOT use a password of all numbers, or a password composed of alphabet characters. Mix numbers and letters.
DO NOT use dates e.g., September, SEPT1999 or any combination thereof.
DO NOT use keyboard sequences, e.g., qwerty.
DO NOT use a sample password, no matter how good, that you’ve gotten from a book that discusses information and computer security.
DO NOT use any of the above things spelled backwards, or in caps, or otherwise disguised.
I just want to say, looking over this list, + the number of passwords that are either the same as the username, or part of the username, or easily brute-forced single words under 8 characters. . . WAKE UP!
DO use a password with mixed-case letters. Use uppercase letters throughout the password.
DO use a password that contains alphanumeric characters and include punctuation, where supported by the operating system.
DO use at least six characters.
DO use a password with mixed-case letters. Do not just capitalize the first letter, but add uppercase letters throughout the password.
DO change passwords regularly. The more critical an account to network integrity (such as root on a Unix host or Administrator on Windows NT), the more frequently the password should be changed. This change stops someone who has already compromised an account from continued access.
DO NOT use your first, middle or last name or anyone else’s in any form. Do not use your initials or any nicknames you may have or anyone else’s.
DO NOT use a network login ID in any form (reversed, capitalized, or doubled as a password).
DO NOT use a word contained in English or foreign dictionaries, spelling lists, or other word lists and abbreviations.
DO NOT use other information easily obtained about you. This includes pet names, license plate numbers, telephone numbers, identification numbers, the brand of your automobile, the name of the street you live on, and so on. Such passwords are very easily guessed by someone who knows the user.
DO NOT use a password of all numbers, or a password composed of alphabet characters. Mix numbers and letters.
DO NOT use dates e.g., September, SEPT1999 or any combination thereof.
DO NOT use keyboard sequences, e.g., qwerty.
DO NOT use a sample password, no matter how good, that you’ve gotten from a book that discusses information and computer security.
DO NOT use any of the above things spelled backwards, or in caps, or otherwise disguised.
The site is run on vBulletin, which is established stable software. I've changed my password several times (including today) with no issues; your issue was either a spam filter or an unlikely anomaly.
Obviously, this situation is beyond MTGS. There's probably nothing the mods can do for us. Outside of this site, they have no authority. For all we know, the leaked information didn't even come from here. It could come from anywhere or another Magic site. This is why I don't do online transactions.
EDIT:
I checked my mailbox and I didn't receive the spam e-mail. I feel left out.
Obviously, this situation is beyond MTGS. There's probably nothing the mods can do for us. Outside of this site, they have no authority. For all we know, the leaked information didn't even come from here. It could come from anywhere or another Magic site. This is why I don't do online transactions.
Me neither, **** the internet.
Private Mod Note
():
Rollback Post to RevisionRollBack
To post a comment, please login or register a new account.
so it was on a hacking forum? that narrows it down a bit
in anycase, ive changed my password, hopefully these arent overly skilled hackers, That would be very bad indeed
The passwords are not listed in connection with MTGSalvation. MTGSalvation is not mentioned on the same site as the passwords. This, combined with the fact that hijacking a forum account is low-reward, means that your MTGSalvation account is NOT likely to be hijacked.
What you should be worrying about is your PayPal account, eBay account, and any other (especially finance-related) accounts. In fact, it sounds like the passwords listed may actually be members' PayPal passwords. Don't just change your MTGSalvation password, change your PayPal password and any other account you feel nervous about!
EDIT: And Weaver, their "skills" or lack thereof is not the problem. These hackers are very likely talentless "script kiddies", but those are the kind most likely to swarm such username/password lists. They'll pick through, check to find logins that work, and use them for profit.
Is this at all possible/likely?
Co-Host, In Contention Podcast / Yo! MTG Taps! Podcast
In Contention
Yo! MTG Taps!
Twitter.com/AffinityForBlue
That's what Charlie said, "I discovered my own username, password, and email address posted together on a hacking forum, along with several thousand others. They claimed to be eBay and PayPal account passwords, but I don't recall ever having an eBay or PayPal account with those names."
If they were overly-skilled hackers, they'd be wasting their time.
Skilled hackers, them too.
Oh wait, PayPal and eBay? Oh. :|
Still... it can't be that profitable.
Anyway, just as a safety precaution, the staff appear to advise users to change their password(s).
Lolwut?
Because, for the umpteenth time, the passwords as also displayed and the staff don't want you cracking into others' accounts, maybe?
I dunno; it's just, like, a hunch?
That's pretty, you know, bad and, for those who aren't amoral and have morals and try to follow them, immoral and such.
first off, my ebay account and many people i know is linked up to credit cards AND bank accounts, so it can be very profitable.
and I have no intentions of hijacking other accounts, i just need to see if myself, and 4 other people im close to are on that list.
in anycase, the people are warned, and passwords are being changed. im still going to do some digging.
****, I just lost all my hotmail messages!
I don't believe anyone has a @mtgsalvation.com email, other than Hannes?
As much as I dislike using it, "QFT".
Or, I'm guessing, to log-in, change the password, and do it for the lulz (to induce frustration in the original owner), or something; or, is that all considered profit?
Quote tags broke.
Fixed.
Not everyone has their Sally accounts linked to eBay and/or PayPal accounts. What are we talking now; MTGS or money-related accounts? It's probably wise to change all passwords (MTGS and eBay/PayPal), considering the vagueness.
No one actually knows that, and I don't think anyone who knows the link would have that much good faith in divulging the URL, as much as they might trust you or any other user.
Up to you, but if you should find anything, it would be a security issue if you didn't inform the staff of this site (stat), kept the information to yourself or non-staff, or posted it.
That bugs me. That's more than the number of active users last month.
Such a generic message makes me thing A LOT of people either don't know where it's from, or it was caught in spam filters.
...changing there, unless that's a REALLY old list (then my passwords are changed anyways), my accounts aren't linked by name to anything on there...
静
Good point, which is why I'm letting people know, my hotmail password DOESN'T WORK ANYMORE! I think someone figured it out from this site, I have no idea how, but it's quite a coincidence, don't you think?! Seriously people, you need to go and change that **** immediately!
if i find Anything of importance to the mods ill let you know.
identity theft and all forms of white collar crime suck, and whether you believe me or not, im just trying to protect my own hide and the skins of close friends.
so far 2 forums have nothing to offer, but ima keep looking
No offence or anything, but to me, 0 posts and nothing doesn't seem that worth salvaging. Your Hotmail account, on the other hand, seems to have irrevocable damage done to it.
Perhaps you could contact Hotmail -- or is it Microsoft, whatever? -- about that.
Or start anew.
As Charlie suggested, "script kids".
Most probably bruteforced.
Thanks for the heads-up, but remember, let the staff know.
I could change this account, but my hotmail? I'm a web developer and I used it to keep small gif libraries - it would take me days to get all the mudkip promotional material off there! Have you checked your account?
man, hacking sites is the worst game ever - you always end up losing your data.
Did you even read what I wrote? I said I didn't want to see the entire list, just the information that was relevant to me, if indeed my name is even on the list. I use different passwords for almost every site I log into, so I'd like to see which of my own passwords was leaked (if any). I don't want to see anyone else's information.
Co-Host, In Contention Podcast / Yo! MTG Taps! Podcast
In Contention
Yo! MTG Taps!
Twitter.com/AffinityForBlue
Actually, it's OVER NINE THOUSAAAAANND!
...Dammit, I had to.
Good to see prompt action. No harm in changing my password, except that I don't remember which email I used to set this account up because it's been about three years.
Edit: Hah, it says it right there. Just goes to show that I haven't had any account issues in three years. So thumbs up I guess.
I know you meant to say you didn't want to see the entire list; just the information that was relevant to you. You apparently didn't get the meaning of what I was trying to say.
PM an administrator to check which password was leaked, or something.
Nope? Yes, maybe.
Ok good, I don't want the same thing to happen to others. Apparently (according to the email I got back from hotmail - **** they're prompt) there was a bunch of activity on my account, from many different IPs. I've got no idea what they were doing - thankfully they didn't delete anything.
So no one else has had this problem?
LOL, I'm pretty sure this guy is joking around. Someone had to go and mention 4chan. The "over 9000" and the mudkip thing are old 4chan jokes.
what about @m@z1ngp@$$w0rd1 ?
I have changed my password. [Witholds comment about username just in case]
Atrius' Posts 1W
Instant
You win target thread. If you aren't Atrius, Atrius wins that thread instead.
"Wait, can you actually win a thread?" - Atrius.
ummmm
Posts: 0
Posts: 0
Posts: 0
Posts: 0
Posts: 0
Posts: 0
Posts: 0
Posts: 0
Posts: 0
Posts: 0
Posts: 0
Posts: 0
EDIT:
I checked my mailbox and I didn't receive the spam e-mail. I feel left out.
Me neither, **** the internet.