Hey Escapist, care to warn us about the hack?

[Pointer]

Edit: I overreacted to the situation and it is not nearly as dangerous as I thought. It was a DDoS attack, not really a hack to steal your information. I didn't that information had circulated and the measures were being taken. I'm sorry. I thought that considering it is Lulzsec, and that their MO tends to be information theft, that they would do the same here. Thanks goes to the sys admins of the Escapist for working hard to stop the hacks.


http://www.gamepro.com/article/news/220418/updated-lulzsec-topples-eve-online-escapist-magazine-minecraft-and-league-of-legends-servers/

Lulsec invaded the Escapist. While it doesn't say anything in the article about whether or not user data was stolen, why am I reading it there? Shouldn't I be getting an e-mail from you guys, or at the very least shouldn't you post this up on the main news site so that people can change their passwords, etc. before anything happens?

 

[Lunar Templar]

should, i heard about it from a friend, over text messages at work, i get home, no email
weak

 

[akibawall95]

The IT crew might still be trying to get their bearings.

 

[The_root_of_all_evil]

Lulsec invaded the Escapist.

No, they didn't.

They locked it down by bombarding the front page. That's it.

But if you'd have preferred Kross to send out 10-50,000 emails saying "Don't worry", then maybe he will next time. I'm sure he'd enjoy that more than running traces.

 

[Harkonnen64]

I just saw the headline of another forum post that mentioned it. Should be hearing it directly from the site if it is true.

 

[Akytalusia]

we were warned, and it allready happened. show's over. it was just a lag attack. nothing terrible.

 

[Falconsgyre]

It was a DDoS. It's doubtful anything was actually stolen.

 

[thethingthatlurks]

It wasn't a hack, just a DDoS. That happens to be the hacking equivalent of getting a bunch of idiots to fling poo at a building and hoping the occupants get annoyed enough to leave for a few hours. No data is compromised in a DDoS, so there's no reason for the Escapist to warn us if that is really all that happened.

 

[Loop Stricken]

I did wonder why the site went down...

 

[Captain Bobbossa]

Was it not ddos? shouldn't have to change passwords.

 

[TheYellowCellPhone]

Already a thread on it, and the hack is still recent, they'd have to react pretty fast.

 

[Pointer]

Alright, I didn't realize it was a DDOS. I thought it was something a bit more sinister, as Lulzsec has a more nefarious MO, as in the past handing out passwords and other info. Thank you for the heads up and the info.

 

[ReservoirAngel]

We didn't have to change our passwords, they just bombarded the front page with useless shit to lock us all out.

 

[The_root_of_all_evil]

Kross's Response from earlier

Thanks everyone. Stuff is finally coming up with the kiddies turning their attention elsewhere and my having black holed about 6000 IPs so far. They were running s script to refresh the front page as fast as possible, and unfortunately we don't have the infrastructure in our little half rack to deal with that amount of (technically legitimate) traffic.

The odd thing is I've been on the receiving end of dozens of DDoS attacks (usually kiddies targeting my IRC servers) and this is the first time I've seen someone actually brag about it on something as public as twitter. Sure makes framing the attack period a bit easier.

Of more interest to you, as far as I can tell, this was just people spamming the front page from thousands of different IPs, nobody actually accessed any non public parts of the servers. I've still got more digging to do to verify, but everything seems clean for now.

http://www.escapistmagazine.com/forums/jump/18.291570.11585170

TTT wasn't about info, just locking down phone-voted websites. They're doing charity DDOS's, where they are the charity.

 

[floopdawoop]

It was just a DDoS. You're letting the cyber-terrorists win...

 

[Pointer]

Our sysadmins are still investigating whether or not any data was compromised during today's events. However, we have always worked hard to safeguard our user data to the best of our ability. In the event of any compromise of user data, all passwords are stored only in one-way encryption, and we do not collect any unnecessary personal information to associate with your accounts. Any e-commerce is accomplished through third parties, and therefore no payment information whatsoever is kept on the company server assets.

As pertinent information becomes available we will share it with you. Thanks for your patience through this unfortunate circumstance.

 

[tahrey]

But if you'd have preferred Kross to send out 10-50,000 emails saying "Don't worry", then maybe he will next time. I'm sure he'd enjoy that more than running traces.

There's these things called "user lists"... if I have reason to send an urgent message to everyone I work with, I don't have to load up every single name and drop it in the CC box, I just choose the "message absolutely freakin' everybody" list (obviously called something else IRL) and hit send. Server deals with it whilst you get on with your day.

To: {Asbofreakinglutey-everyuser}
Subj: Dammit, Lulzsec
MsgBody: "Guys, Lulzsec just took our front page down. Doesn't look like they did anything more than that, so your details should be safe. If you're bothered by this, you may want to change your password, and that on any accounts that could be traced from your account details that uses the same pass, but it's not likely to be necessary. We'll keep you updated if we find evidence of deeper intrusion"

{SEND}

Cuz... yknow... this topic was the first i know of it, and only at this time rather than a day or twos time because i realised i hadnt read this weeks XP yet.

Edit: Though, yeah ... that would rather be a bit of an overreaction to a common or garden DDoS of the kind that anons pull off on a daily basis just because they're bored. The above is merely a bit of for-example devil's advocacy.

 

[Raskolnikov34]

Can someone explain to me what a DDoS attack is? And what's this about changing passwords?

I'm really ignorant on the area of hacking...

 

[Pointer]

Kross's Response from earlier

Thanks everyone. Stuff is finally coming up with the kiddies turning their attention elsewhere and my having black holed about 6000 IPs so far. They were running s script to refresh the front page as fast as possible, and unfortunately we don't have the infrastructure in our little half rack to deal with that amount of (technically legitimate) traffic.

The odd thing is I've been on the receiving end of dozens of DDoS attacks (usually kiddies targeting my IRC servers) and this is the first time I've seen someone actually brag about it on something as public as twitter. Sure makes framing the attack period a bit easier.

Of more interest to you, as far as I can tell, this was just people spamming the front page from thousands of different IPs, nobody actually accessed any non public parts of the servers. I've still got more digging to do to verify, but everything seems clean for now.

http://www.escapistmagazine.com/forums/jump/18.291570.11585170

I understand now. I just thought that Lulzsec, considering its previous public hacks, would take data and post it up like they did for the other attacks. DDOS is more a thing Anonymous is famous for. Thanks again for the information.

 

[Pointer]

Our sysadmins are still investigating whether or not any data was compromised during today's events. However, we have always worked hard to safeguard our user data to the best of our ability. In the event of any compromise of user data, all passwords are stored only in one-way encryption, and we do not collect any unnecessary personal information to associate with your accounts. Any e-commerce is accomplished through third parties, and therefore no payment information whatsoever is kept on the company server assets.

As pertinent information becomes available we will share it with you. Thanks for your patience through this unfortunate circumstance.

Thank you, I appreciate your quick and informative response and the actions that you guys are taking to handle the situation.