Jump to content


5 million gmail accounts and passwords leaked.


  • Please log in to reply
22 replies to this topic

s1oan #1 Posted 17 September 2014 - 09:54 AM

    Warrant Officer

  • Beta Tester
  • 44052 battles
  • 724
  • [250H3] 250H3
  • Member since:
    12-05-2010

As you probably know, 5 million gmail accounts and passwords were leaked a few days ago : http://money.cnn.com/2014/09/10/technology/security/gmail-hack/index.html

 

The owners of those accounts are from all over the world and Wargaming responded with this :

http://worldoftanks.ru/ru/news/pc-browser/11/new_action_protect_password/

 

WG realized that a lot of their customers use a gmail account to access all their games and they offered 300 gold to change the passwords... but only to the russian users! 

 

It's nice to see they care about customer security but it would be even nicer if you care about all their customers and not only a selected group.



Joat #2 Posted 17 September 2014 - 10:03 AM

    Warrant Officer

  • Player
  • 6109 battles
  • 889
  • Member since:
    07-29-2011

It's a list composed of mainly older lists that has been floating around the internet for a couple of years.

 

Analysis of the compromised accounts in the list has given that the passwords where not leaked from google, instead the passwords has been leaked from 3rd party sites where people have been using the same password as for their google-account which is A SERIOUSLY STUPID PRACTICE, DON'T DO IT!



TheLordFlasheart #3 Posted 17 September 2014 - 10:14 AM

    Staff Sergeant

  • Player
  • 13169 battles
  • 337
  • Member since:
    01-02-2013
Why should Wargaming offer it to all servers, when it was just the RU server was involved?

s1oan #4 Posted 17 September 2014 - 10:29 AM

    Warrant Officer

  • Beta Tester
  • 44052 battles
  • 724
  • [250H3] 250H3
  • Member since:
    12-05-2010

View PostJoat, on 17 September 2014 - 10:03 AM, said:

It's a list composed of mainly older lists that has been floating around the internet for a couple of years.

Analysis of the compromised accounts in the list has given that the passwords where not leaked from google, instead the passwords has been leaked from 3rd party sites where people have been using the same password as for their google-account which is A SERIOUSLY STUPID PRACTICE, DON'T DO IT!

 

The real problem is that even if you used a different password for the game, you can reset it from WG webpage and an email is sent to that gmail account with the information necessary to reset it.

 

View PostTheLordFlasheart, on 17 September 2014 - 10:14 AM, said:

Why should Wargaming offer it to all servers, when it was just the RU server was involved?

 

Please read the first message : "The owners of those accounts are from all over the world". Al lot of people used a gmail account to register in Wargaming, even non russians.

 

 



Outlawz0111 #5 Posted 17 September 2014 - 10:31 AM

    Warrant Officer

  • Player
  • 4351 battles
  • 749
  • Member since:
    03-30-2014
Should we change our passwords again?.

WolFie90 #6 Posted 17 September 2014 - 10:31 AM

    Warrant Officer

  • Player
  • 24128 battles
  • 749
  • [EST-D] EST-D
  • Member since:
    05-30-2012
Ocasional password change should be mandatory anyway.
Some gold to encourage it would be nice. WG does not lose a dime with giving away 300 gold for that once in ... let's say 6 months.

lonigus #7 Posted 17 September 2014 - 10:32 AM

    Lieutenant General

  • Player
  • 32631 battles
  • 7,996
  • Member since:
    09-26-2011

View PostTheLordFlasheart, on 17 September 2014 - 11:14 AM, said:

Why should Wargaming offer it to all servers, when it was just the RU server was involved?

 

This makes no sense... Like only Russians use gmail for their WoT accounts? XD

Outlawz0111 #8 Posted 17 September 2014 - 10:36 AM

    Warrant Officer

  • Player
  • 4351 battles
  • 749
  • Member since:
    03-30-2014
If they give 300  gold to change password i will do it but if not then stays the same and my password was recently changed this year anyway so of the leaked accounts that are 2 years old. 

Amkal #9 Posted 17 September 2014 - 10:42 AM

    Second Lieutenant

  • Player
  • 25552 battles
  • 1,007
  • [-BSF-] -BSF-
  • Member since:
    08-26-2012

Afaik, passwords leaked not from gmail but from mail.ru

So eu players should be safe



Baldrickk #10 Posted 17 September 2014 - 10:46 AM

    Field Marshal

  • Player
  • 29905 battles
  • 14,096
  • [-TAH-] -TAH-
  • Member since:
    03-03-2013

View PostAmkal, on 17 September 2014 - 11:42 AM, said:

Afaik, passwords leaked not from gmail but from mail.ru

So eu players should be safe

This.

 

Unless you have an account with mail.ru



SanyaJuutilainen #11 Posted 17 September 2014 - 10:47 AM

    Lieutenant

  • Player
  • 20812 battles
  • 1,876
  • [GUP] GUP
  • Member since:
    04-15-2011
LastPass and 2-step verification on my GMail account. It's possible I might still get hacked (it happens) but I am inclined to believe I won't. GL.

Danger__UXB #12 Posted 17 September 2014 - 10:57 AM

    Major

  • Player
  • 9590 battles
  • 2,566
  • Member since:
    03-07-2013

This is nothing new...Google did it years ago and got away with ithttp://www.dailymail.co.uk/sciencetech/article-2137145/Google-KNEW-harvesting-emails-passwords-Street-View-drive.html

 

In most cases it is just to make money of your detailshttp://www.huffingtonpost.com/2013/09/05/gmail-ads-email-scanning_n_3871246.html

 

Its a well known and blatent buisinesshttp://www.clickz.com/clickz/column/1699828/tips-selling-ads-email-newsletters-part...

 

 

As for them being leaked??....This probably means they had already been sold to a third party anyway (Advertisers etc)...This is how we end up with spam in our emails

 

..Just try to be regular in changing 'ALL' your passwords and you should be ok



bggeneral #13 Posted 17 September 2014 - 11:02 AM

    Captain

  • Player
  • 33365 battles
  • 2,145
  • Member since:
    04-15-2013

View PostOutlawz0111, on 17 September 2014 - 12:31 PM, said:

Should we change our passwords again?.

 

Generaly speaking - YES.

It is good to chamge your password as frequently as it is possible. At least once per 2 weeks.

But it is not mandatory, the choise is yours.

 



kinq1 #14 Posted 17 September 2014 - 11:15 AM

    Lance-corporal

  • Player
  • 64236 battles
  • 58
  • [RF_S] RF_S
  • Member since:
    02-08-2011
Put your email here https://haveibeenpwned.com/ and check if it needs to change password.

SanyaJuutilainen #15 Posted 17 September 2014 - 11:16 AM

    Lieutenant

  • Player
  • 20812 battles
  • 1,876
  • [GUP] GUP
  • Member since:
    04-15-2011

View Postbggeneral, on 17 September 2014 - 12:02 PM, said:

 

Generaly speaking - YES.

It is good to chamge your password as frequently as it is possible. At least once per 2 weeks.

But it is not mandatory, the choise is yours.

 

 

That's way too paranoidly frequent, if you use a unique password with a reasonable strength.

Reasonable strength: tough to guess it right away.
Unique p/w: Spares your other accounts in case of DB leak.

If there's a DB leak, the frequency doesn't matter anyway - they are going to either abuse your stuff at the same moment and you can't prevent it, or they are just going to provide your pass somewhere and in that case the leak will get likely published and you can change your p/w then.

jabster #16 Posted 17 September 2014 - 11:28 AM

    Field Marshal

  • Beta Tester
  • 12535 battles
  • 23,057
  • [WSAT] WSAT
  • Member since:
    12-30-2010

View PostNya_Chan, on 17 September 2014 - 11:16 AM, said:

 

That's way too paranoidly frequent, if you use a unique password with a reasonable strength.

Reasonable strength: tough to guess it right away.
Unique p/w: Spares your other accounts in case of DB leak.

If there's a DB leak, the frequency doesn't matter anyway - they are going to either abuse your stuff at the same moment and you can't prevent it, or they are just going to provide your pass somewhere and in that case the leak will get likely published and you can change your p/w then.

 

 

I kinda assumed that the password DB wouldn't be stored in plain text.

 

Edit: Just to make it clear, I'm not saying it's not a problem but it's not as simply as they got the DB therefore they've got my password.


Edited by jabster, 17 September 2014 - 11:44 AM.


SanyaJuutilainen #17 Posted 17 September 2014 - 11:45 AM

    Lieutenant

  • Player
  • 20812 battles
  • 1,876
  • [GUP] GUP
  • Member since:
    04-15-2011

View Postjabster, on 17 September 2014 - 12:28 PM, said:

 

 

I kinda assumed that the password DB wouldn't be stored in plain text.

 

For most of them, they can be decoded or guessed from rainbow tables and other techniques, supposed it was in some previous leaks in years before (even from different user).
Of course, if the pass encryption is good and your pass is something like 15 letter long string of letter, numbers and symbols, you probably don't have anything to fear even if it leaks :)

jabster #18 Posted 17 September 2014 - 11:52 AM

    Field Marshal

  • Beta Tester
  • 12535 battles
  • 23,057
  • [WSAT] WSAT
  • Member since:
    12-30-2010

View PostNya_Chan, on 17 September 2014 - 11:45 AM, said:

 

For most of them, they can be decoded or guessed from rainbow tables and other techniques, supposed it was in some previous leaks in years before (even from different user).
Of course, if the pass encryption is good and your pass is something like 15 letter long string of letter, numbers and symbols, you probably don't have anything to fear even if it leaks :)

 

If you use a good salt, again I presuming this is the case, then the problem is drastically reduced. Of course there's always the possibility that WG don't really know what they're doing.


 



2Tee2 #19 Posted 17 September 2014 - 11:55 AM

    Lieutenant Сolonel

  • Player
  • 24143 battles
  • 3,401
  • Member since:
    02-20-2014

View Postlonigus, on 17 September 2014 - 11:32 AM, said:

 

This makes no sense... Like only Russians use gmail for their WoT accounts? XD

 

the actual story is that accoutns on a major ru mail provider were compromised

2Tee2 #20 Posted 17 September 2014 - 11:58 AM

    Lieutenant Сolonel

  • Player
  • 24143 battles
  • 3,401
  • Member since:
    02-20-2014

View PostNya_Chan, on 17 September 2014 - 11:47 AM, said:

LastPass and 2-step verification on my GMail account. It's possible I might still get hacked (it happens) but I am inclined to believe I won't. GL.

 

or even better

3-way -- stay off google :D

 






1 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users