Announcement

**ra120271** · August 12, 2011, 06:33 AM

Can you please confirm that passwords are stored in the DB as encrypted hashes and not plain text. My account ID and email address have been compromised also.

Also I need to change my email address as I will be blocking the one used on this site by the end of the day.

BTW: Fix your privacy policy statement at the bottom of the web page.

**krendar** · August 12, 2011, 06:43 AM

Got the same mail. I wondered where they got the name of my druid, but I didn't think about that registered with that name here (krendar).

**dudedafool** · August 12, 2011, 07:21 AM

Got the Email regarding the mmolazy bot.

Hope this will be addressed quickly..

**cabby** · August 12, 2011, 07:24 AM

Either I just haven't been sent that email or my email service has some damn good spam filtering because I still haven't seen that email. I don't really think it's my email service since I still get spam emails for buying gold.

**lodion** · August 12, 2011, 08:10 AM

Originally posted by Zygor Support View Post

We are looking into this to see why they may have been able to send this email. Thanks for the concern and reporting this immediately.

Best practise in this case would be to immediately notify all customers that their details may have been leaked? Sony copped a roasting for their delay in notifying customers when PSN was hacked.

**cabby** · August 12, 2011, 09:22 AM

I think Sony got the roasting more for the massive downtime to their entire network of games more than for the delay informing the customers.

**ra120271** · August 12, 2011, 10:21 AM

Not informing customers about a breach in their privacy is definitely bad form. We should be informed,

what happened
what was personal information could have been taken
what steps have been taken to secure our information
what steps we need to take to protect ourselves

Were there other personal details in the DB hacked? Like blizzard account info, addresses, credit cards, etc.

**Cartman** · August 12, 2011, 11:47 AM

Most likely they only got the login name for this site and the e-mail address (unless the passwords are stored unencrypted).
They even don't have the real name, in the mail they doubled the nickname "hello Cartman Cartman".
Payment information may be stored by the payment processor (or are not stored at all), these information are not in the forum software (as this is a normal vBulletin page).

**wowvern** · August 12, 2011, 03:13 PM

I guess its time to invest in encryption software...

**overrideb1** · August 12, 2011, 05:34 PM

I got the same spam-mail (addressed to overrideb1 overrideb1). Since I use a "junk" account for all forums and not my main email account I'm not as worried as some people. The fact that they used my nick (twice) instead of my name suggests that they've only accessed username and email addresses rather than any personal information.

It might have been nice to have gotten an email from Zygor saying there was a possibility the forum had been hacked and that some personal data had been stolen, but I'm not going to get my panties in a bunch because it didn't happen. Comparing it to Sony's situation is a bit... over-the-top? Sony are a multi-national, multi-million - if not billion - dollar company. They have the resource to stamp all over the problem, flood the world with emails, and get it fixed real quick. (The fact they didn't is hardly germane to this discussion). Zygor are a small company with limited resource and a small number of employees. Bombing everyone with emails and fixing the problem may have been a mutually exclusive use of resource.

**lodion** · August 13, 2011, 01:17 AM

I've received notification from another forum I'm on that they were recently hacked. As a precaution they've changed all passwords for all users.

Better to tell customers and do something about it than stick your head in the sand and hope nothing important was taken.

**kinsten** · August 13, 2011, 04:56 AM

I think we already have multiple confirmation that the forum has been hacked,

there's no denying it

I received the same email as everyone else with my account name in the email, which is only linked with Zygor forum.

Our login name and passwords could have been stolen.

I don't know how many customers there are but it must be 20k plus.

It is possible that some people will use the same password that they use with zygor with their wow accounts, and the hacker sent WoW related spam so lots of customer's wow accounts are at stake here.

as someone already mentioned not informing customers about a breach in their privacy is definitely bad form,

it has already been several days since we confirmed this.

Time is of the essence.

**kinsten** · August 13, 2011, 05:09 AM

Originally posted by cabby View Post

I think Sony got the roasting more for the massive downtime to their entire network of games more than for the delay informing the customers.

I dont know about that... you really think people are more angry at not being able to play their video games then the possibility of their personal information being stolen and used ?

**cabby** · August 13, 2011, 05:42 AM

Maybe that's a 50/50 thing. I know that personally I was more upset at not having access to games that I paid a monthly subscription to and being left in the dark about when I'd be able to gain access to those games again. At the time it was reported to us that the information that had been compromised was for their European customers which put me at a very low risk of my information being compromised. It was easy for me to just keep an eye on my banking stuff, and I never saw anything (still haven't) that would indicate any problems for me (I'm in the US). So for me, and I'm pretty sure 95% of Sony's US customer base, our biggest problem was lack of information on the server status and no access to what we paid for. I know Sony tried to make some token reimbursements for that lost time but they lost quite a few of their subscribers (myself included) because we couldn't access what was paid for and after the initial disclosure of the theft we were once again left in the dark trying to guess when we might be able to play again.

**lodion** · August 13, 2011, 07:34 AM

Originally posted by cabby View Post

Maybe that's a 50/50 thing..

If that were true Sony wouldn't be offering to pay for 1 year of identify theft monitoring for all PSN customers.

Either way it isn't relevant. Our Zygor account details being obtained don't interfere with our access to the guides we already have. HOWEVER it may well pose serious problems for people reusing passwords etc. Zygor needs to inform all customers ASAP of exactly what information has been obtained by a third party. Anything short of immediate and full disclosure is just bad form. I really don't see why they have not already informed their users. Zygor and co are usually very up front with issues affecting their guides, why not with something more important?

Announcement

is Zygor been hack??

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment