Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Any recent hacked accounts from Southperry users?
Password was not a dictionary word. Recently reformatted. No suspicious sites, no suspicious programs. Happened Jan 15th. Also lost another, very inactive account[late '05?] while checking through to see if any others were compromised. PW also wasn't a dictionary word. Pins are different on all accounts.

As for the account stripped, they completely ignored my maker'd Blue Crescent Boots and left one of my zhelms. Karma'd away my HTP.

I had just passed Overswing 20 too. Was excited to level up. Lame.
Reply
Atuan Wrote:Password was not a dictionary word. Recently reformatted. No suspicious sites, no suspicious programs. Happened Jan 15th. Also lost another, very inactive account[late '05?] while checking through to see if any others were compromised. PW also wasn't a dictionary word. Pins are different on all accounts.

As for the account stripped, they completely ignored my maker'd Blue Crescent Boots and left one of my zhelms. Karma'd away my HTP.

I had just passed Overswing 20 too. Was excited to level up. Lame.

This was while you were offline, correct?

Or did they DC hack you while you were online, then perform to steal your account.
Reply
GameMX Wrote:This was while you were offline, correct?

Or did they DC hack you while you were online, then perform to steal your account.

Yeah, I was offline.
Reply
Typhoon Wrote:I have a question for anyone who was hacked. Were your passwords a word in the dictionary? Or random letters/numbers/symbols?

PM me if you don't want to say on here

My password was my dog's name and a bunch of random numbers ;-;. Bleh I thought being a poor ass weak lv100 hermit would save me from things like this, but it didn't. D;
Reply
Ladon Wrote:My password was my dog's name and a bunch of random numbers ;-;. Bleh I thought being a poor ass weak lv100 hermit would save me from things like this, but it didn't. D;

Out of morbid curiosity, if you enter your former password here to generate a MD5 hash for it, does that hash show up here as one that's been previously cracked?

Note If you don't find it already cross referenced at rednoize do not use rednoize to generate the hash or it automatically gets added to their cross reference and can then be instantly looked up, use alternate methods to generate your hash like I just asked for.
It's not having what you want - It's wanting what you've got.
Reply
Eosian Wrote:Out of morbid curiosity, if you enter your former password here to generate a MD5 hash for it, does that hash show up here as one that's been previously cracked?

Note If you don't find it already cross referenced at rednoize do not use rednoize to generate the hash or it automatically gets added to their cross reference and can then be instantly looked up, use alternate methods to generate your hash like I just asked for.

The hash for my safe accounts weren't found, but the ones for both compromised accounts were indexed.
pineapple me.
Reply
Wait, what does that mean? I mean, I know what a hash is and stuff but in the bigger picture what does that mean?
Reply
BombsAway Wrote:Wait, what does that mean? I mean, I know what a hash is and stuff but in the bigger picture what does that mean?

Whoever is doing this has their hands on our PW/PIN MD5 hashes. Looks like account IDs are stored in plaintext(?) because there are no hits on hashes for my ID. There were hits for both passwords, both pins of compromised accounts. No hits for safe ones.

:\
Reply
Hash not found.

Sarah, if the hash is in the rednoize database, that means they can find a password which generates the hash (which is how the password is stored in the database), granting you access to the account, assuming Nexon's DB got hacked.
Reply
Atuan Wrote:Whoever is doing this has their hands on our PW/PIN MD5 hashes.

If they have access to that, PINs provide zero security. There are only 10,000 possible values and all of them would be cracked...
Reply
BombsAway Wrote:Wait, what does that mean? I mean, I know what a hash is and stuff but in the bigger picture what does that mean?

Those hashes are the same format as Nexon's DB stores protected passwords in, and PINs are stored in plain text in the same table.
If all the people who were just walked through like I was also just happen to have their password in those cross reference/decrypt tables at rednoize (which mine apparently was as well, surprisingly) it increases the likelihood that the hacker had/has some way of retrieving all the password hashes and PINs. Granted there are sites other than rednoize, and independent rainbow tables also exist, but it's as good of a "quick sanity check" as we have available to us.

The more people who aren't in those tables, the better the odds that the hacker has some other method that didn't involve access to the database.

At the very least it gives a good idea how secure current/previous passwords are in the event of a DB breach. Anything that can be instantly looked up = zero security.
It's not having what you want - It's wanting what you've got.
Reply
Hash not found.

eosian Wrote:The more people who aren't in those tables, the better the odds that the hacker has some other method that didn't involve access to the database.

Are you saying that the above is a bad thing?
Reply
Eosian Wrote:Those hashes are the same format as Nexon's DB stores protected passwords in, and PINs are stored in plain text in the same table.
If all the people who were just walked through like I was also just happen to have their password in those cross reference/decrypt tables at rednoize (which mine apparently was as well, surprisingly) it increases the likelihood that the hacker had/has some way of retrieving all the password hashes and PINs. Granted there are sites other than rednoize, and independent rainbow tables also exist, but it's as good of a "quick sanity check" as we have available to us.

The more people who aren't in those tables, the better the odds that the hacker has some other method that didn't involve access to the database.

At the very least it gives a good idea how secure current/previous passwords are in the event of a DB breach. Anything that can be instantly looked up = zero security.

So do you suggest everyone (even the uncompromised currently) check to see if their passwords are on that site and if so can you give us sort of step by step walkthrough so that we don't accidentally get our passwords added to the list (you said that doing something would cause that but I'm a little to frightened to think clearly about such things)
Reply
Atuan Wrote:Whoever is doing this has their hands on our PW/PIN MD5 hashes. Looks like account IDs are stored in plaintext(?) because there are no hits on hashes for my ID. There were hits for both passwords, both pins of compromised accounts. No hits for safe ones.

Accounts & PIN are both stored in plain text, in the same table as the password hash.
Don't jump to conclusions until we have more than one or two people who were matched - Could just be a few people who had passwords that have been broken previously.

Takebacker Wrote:Are you saying that the above is a bad thing?

No, it's rather neutral. If your hash isn't found it means you've got a password that can't immediately be looked up, which is positive, but it also implies that some other method was used to bypass your pass/pin, which is somewhat bad for us, but honestly if you've already been hacked zeroing in on the how isn't going to be good or bad - it's already too late.

BombsAway Wrote:So do you suggest everyone (even the uncompromised currently) check to see if their passwords are on that site and if so can you give us sort of step by step walkthrough so that we don't accidentally get our passwords added to the list (you said that doing something would cause that but I'm a little to frightened to think clearly about such things)

Just follow the same instructions I originally posted - Create a hash at website #1 (or any other md5 generation site, or snippet that won't cache the cross reference), then check the hash at rednoize. The warning was that you don't want to create the hash at rednoize itself because any hashes it creates it automatically saves, making even the most perfect pass wide open just by having tested it. It's the equivalent of handing them the key to your armored truck full of cash to valet park it. Tongue

For anyone who's pass pops up - yeah, I'd recommend changing it, because if it's there, it's obviously one someone has thought of at some point and can lookup with zero effort.
It's not having what you want - It's wanting what you've got.
Reply
Typed my password in on that site, hash not found. Interesting.
Reply
Kawasari Mimoto Wrote:Typed my password in on that site, hash not found. Interesting.

You did it wrong, if that's exactly what you did.
You need to generate the hash of your password and look to see if the hash is in the reverse lookup, not just enter your plain text password there.
Reply
Nothing for me.
Reply
No hashes found, though I don't think I've been hacked... I haven't played in a year or so so...
Reply
BombsAway Wrote:Nothing for me.

Might also want to check your hash against these two sites, which are two google recommends for MD5 reversals:

http://gdataonline.com/seekhash.php
http://hashcrack.com/index.php

(On the latter, again, do not enter your password in the "Word" field or you will generate a hash for it and make it publicly breakable).
It's not having what you want - It's wanting what you've got.
Reply
Eosian Wrote:Might also want to check your hash against these two sites, which are two google recommends for MD5 reversals:

http://gdataonline.com/seekhash.php
http://hashcrack.com/index.php

(On the latter, again, do not enter your password in the "Word" field or you will generate a hash for it and make it publicly breakable).

Oh god, it was on gdataonline. And so is the one I just changed it to yesterday.
Reply


Forum Jump:


Users browsing this thread: 3 Guest(s)