Rumors are carried by haters, spread by fools, and accepted by idiots.
Developer of AntiGameReborn - Virgo.de #1
My foremost question is the following: how can players know whether or not they have been affected and has GameForge notified every single affected user that there has been a security breach wherein their personal information was compromised?
Not sure if you took the time to properly read the posts in this thread, but it's about passwords being leaked. I'm happy you got so excited after being able to click a download link and some html files, though. Not sure if you took the time to stroll through the data, but just for fun I did. And your claim is wrong. You can find usernames, email addresses, previous email addresses (of people who have changed it) and IP addresses. I can currently tell you most of the BA/GO/SGO IP addresses since they are all listed there in a nice to read .xml format. You can find names of banned players, players that have received warnings (I know this is not so sensitive data, but it is data nonetheless). As far as user privacy is concerned, only email addresses of users on the .us board were leaked, as well as some support/ingame cases about some players.
I urge you to take the time to look into the data before commenting.
The post was edited 1 time, last by Troll ().
This kind of data is only relevant to the .us boards in this matter, and all received the email cited above, those should check everything, yes. Luckily no other board or game was affected.
The post was edited 1 time, last by Mafkees ().
Right, but most of the people who received the cited e-mail probably have no idea what's going on. In all brutal honesty: given the declining trend in OGame player count over the past several years now, odds are the majority of the people who received that e-mail are no longer interested in OGame. Therefore it's not fair to presume they will visit the boards and proceed to plow through the ever-changing board layout in hopes of finding an official statement in the matter.
A situation like this warrants an official statement where it is GameForge's obligation to try their best to actually reach the affected people. A short board post does not suffice. An extensive explanatory e-mail should be sent, using the same target list that the hacker did.
I'm sorry, we don't offer support for ogame anymore as the DPA prevents us
This statement would obviously be relevant, had the hack actually happened on the 14th of September when the boards were shut down in panic. But no, the hack was done several months back and thereby the data was already out there.
We put more emphasis on actually addressing the issue and fix the leak rather than posting more on Twitter about it! There was no hacking of any servers involved, however, "only" a compromised admin account. For further information please check your respective forum
Their statement is directly against GDPR regulations, where the user affected should be informed that their data was leaked.
The lower level of fine, up to €10 million or 2% of the company’s global annual turnover, will be considered for infringements listed in Article 83(4) of the General Data Protection Regulation.
This includes infringements relating to:
- Integrating data protection ‘by design and by default’
- Records of processing activities
- Cooperation with the supervising authority
- Security of processing data
- Notification of a personal data breach to the supervisory authority
- Communication of a personal data breach to the data subject
- Data Protection Impact Assessment
- Prior consultation
- Designation, position or tasks of the Data Protection Officer
Well I assume no personal data was leaked the first few times else they should have told us due to strict legislation.
However, apparently something was obtained, else it wouldn't have been a breach in the first place. Someone saw things. I share your concerns.
At least now they informed us; on the other hand, they had no choice. But I wonder what kind of legal implications this has because as Piink wrote, some people's personal information got out. And especially if you're staff it could be used against you for threats.
I'm curious as to how this plays out because as GameForge undoubtedly knows: due to recent European privacy law, companies face HUGE fines if they fail to report data breaches to the authorities. As far as I can tell, THAT is the accusation, the failing to report the breach to the authorities.
The fact that we were left in the dark by our CoMa, or at least that was the intention, honestly didn't come as a surprise to me.
Oh, here's the mail we all received by the way. I'm wondering if they will censor this or ban me for spreading the truth.
For the sake of board regulations I think it is safe to assume that the hacker gave me permission to share his PM
To Piink and gameforge if they ever bother to read this:
Why was this allowed to happen in the first place?
If you refer to why did we allow to have the info leaked, that's something we do not allow. We did react when we realized the access was compromised right away on Friday 14th of September.
Why weren't we told straight away?
We took care of addressing and sealing the issue which for us was more important at the point we got the report. That was Friday night. The investigation ran throughout the weekend and was done by people, not robots. People have limitations and lives also on the weekend and not all resources are available during the weekend as they are during the week. In any case, by Monday afternoon the forums were available and the statement was done. We reacted as fast as we could.
Did anyone else get three emails in the space of 30 minutes?
The mail was sent to the US userbase. Do you have 3 multies there?
What's going to happen now?
As this forum is not affected, nothing else will happen here. I really don't know what you are expecting from us here at ORG while the issue happened somewhere else. Please, if you have more concerns and are affected by this issue, refer to the US community.
What reassurances will we get so this doesn't happen again?
The same reassurance we can give you when we mention to keep your password safe at all times.
Why was it ogame.us and origin forums that were compromised? Is it because whoever got hacked had accounts on both of those forums?
Correct. But once again, Origin userbase was not leaked. Only information that is relevant for people working with OGame tools and OGame teams that should not be available for players.
Thundersheep, you are the ogame.us game admin, is there anything you can tell us on how seriously gameforge is taking this?
I'm not going to lie, I don't expect much from gameforge. If you research into how the CoMa on their other games such as Tera, soulworker etc. are to their community, well, you'll understand.
I'm sorry to hear that. You should not judge all employees globally based on a single bad experience as I do not judge all players based on a single bad experience. We are individuals doing our job the way we think is best in our own way.
My biggest concern is not privacy, it is security. I have my bases covered personally but it is a given fact that many people use their passwords repetitively. The password to their OGame user account might very well be the same as their board accounts, and that same password might be used for their personal Facebook page, their e-mail address or even their online bank account. Please note that both OGame log-in data AND private e-mail addresses were compromised. In addition to repetitive password usage, most people use their actual e-mail inbox as a place of storage for passwords to other applications. The trouble some people might be in because of this is unimaginable.
I'm not surprised this happened, in fact only surprised it didn't happen sooner tbh
After all, some should remember what happened to Blackmass' Quantum account last year, who at the time was also .org's BA. Luckily, nothing happened to the boards that time.
Worse than having a problem, is to underestimate it and not deal with it properly. If nothing is done, this may not be the last case of security breaches...
No user data from Origin was mailed anywhere, just certain tools, guides/how tos, script discussions and other relevant info for any admin of OGame and their daily business in the community.