News Story: GameSalad accounts hacked and sold online

tatiangtatiang Member, Sous Chef, PRO, Senior Sous-Chef Posts: 11,947

Comments

  • jamie_cjamie_c ImagineLabs.rocks Member, BASIC Posts: 5,746
  • RowdyPantsRowdyPants Member Posts: 465
    edited March 2019

    Think of the energy put into security that could be saved if people were just honest.

    By the way, now is a great time to CHANGE YOUR PASSWORD peeps!

  • AlchimiaStudiosAlchimiaStudios Member Posts: 1,069

    Thanks for the heads up. Just changed my password, everyone should be doing the same!

    Follow us: Twitter - Website

  • pinkio75pinkio75 Member, PRO Posts: 979

    Thanks for this info i just change my password; but the publishing portal site is stuck for this reason? i mean i'm unable to compile or download any of my games... anyone have the same issue???

  • hirobagameshirobagames Member, PRO Posts: 15

    Same here publishing portal is not working i am getting no internets error.

  • adent42adent42 Key Master, Head Chef, Executive Chef, Member, PRO Posts: 2,002
    edited March 2019

    @hirobagames, @pinkio75 please try publishing / downloading now. The issue was due to us locking down the system after this breach, but missing some config updates.

    Everyone else. We are aware of the issue and are working on fixes. We should be getting an email out to everyone soon.

    1) If you use a strong password, you're likely safe. The breach did not include passwords for most people, just password hashes.

    2) That being said, if you use a weak/ common password (or even a strong password that is common), you might be vulnerable to a reverse hash lookup.

    If you're familiar with the phrase "hash", we don't store your password, we store what's known as a "cryptographic hash" of your password.

    An algorithm takes your password and converts it into a different string (the hash).

    There's no way to work backwards from the hash to your password via an algorithm, BUT hackers have started taking common passwords and hashing them. They then build dictionaries of these hashed passwords and can then look up the original password in these dictionaries.

    We are changing how passwords are hashed so that they will be much more difficult (impractical) to dictionary attack, but if you use a password that has been put into a hacker's dictionary, you are at risk.

    The other thing to note is that if you are vulnerable, you should change your password everywhere you use the same email address / username / password pair, as a competent hacker will start trying your discovered email / password combo on major services to see if they can get in.

  • pinkio75pinkio75 Member, PRO Posts: 979
    edited March 2019

    Hi and thanks for reply @adent42 , yes it' works fine for me; now i'm able to generate build etc; about the passw i've changed it yesterday.

  • AlchimiaStudiosAlchimiaStudios Member Posts: 1,069

    Thanks for the update @adent42

    Follow us: Twitter - Website

  • HypnorabbitHypnorabbit SingaporeMember, PRO Posts: 222

    Thanks for the update @adent42 - hope it's resolved.

  • muusimuusi Member, PRO Posts: 110

    Thanks for the heads up @tatiang !

  • joseaugustojoseaugusto Member Posts: 10
    edited March 2019

    Why on earth did you NOT SALTED the hashes?

    Please don't try to pass the blame on us for us having weak passwords.

    We would still be safe if you had just salted the hashes. (even after allowing the hackers in)

  • UtopianGamesUtopianGames Member Posts: 5,690
    edited March 2019

    We've had much worse, I remember when GS was hacked and all our files yes everything we uploaded to GS got into the wrong hands and he was selling it all for a pretty cheap price.

    DBA (if you guys remember us from back then) and one other who will remain nameless managed to get his name and address and proof he had all the files.

    We handed this info over to GS and they started criminal proceedings, makes me wonder if the new hacker got into the files?

  • LumpAppsLumpApps Member Posts: 2,878

    @adent42 said:

    Everyone else. We are aware of the issue and are working on fixes. We should be getting an email out to everyone soon.

    Hi there,
    Was this email ever sent. I didn't receive one. I got here via @PhilipCC who geve me a heads up.

    Thanks in advance.
    Ludwig

  • tatiangtatiang Member, Sous Chef, PRO, Senior Sous-Chef Posts: 11,947

    @LumpApps said:

    @adent42 said:

    Everyone else. We are aware of the issue and are working on fixes. We should be getting an email out to everyone soon.

    Hi there,
    Was this email ever sent. I didn't receive one. I got here via @PhilipCC who geve me a heads up.

    Thanks in advance.
    Ludwig

    Yes. See this for the content: https://forums.gamesalad.com/discussion/comment/610708/#Comment_610708

    New to GameSalad? (FAQs)   |   Tutorials   |   Templates   |   Greenleaf Games   |   Educator & Certified GameSalad User

  • LumpAppsLumpApps Member Posts: 2,878
  • samuisamui Member Posts: 6

    guys, use some protection tools

  • samuisamui Member Posts: 6

    I prefer to protect my privacy and use https://veepn.com/vpn-features/double-vpn/ which is good during internet surfing and visit different websites and foums.

Sign In or Register to comment.