this post was submitted on 07 Nov 2024
95 points (97.0% liked)

Technology

59708 readers
1799 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 
  • Breach date: 16 October 2024
  • Date added to HIBP: 7 November 2024
  • Compromised accounts: 420,961
  • Compromised data: Email addresses, Usernames
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 7 points 3 weeks ago (1 children)

People commonly reuse the same usernames and passwords with an associated email. All that must be done is check breach data for matching email and username and then try the password from the list. You'll likely find more than a few will be a match

[–] [email protected] -1 points 3 weeks ago (1 children)

You are correct that people commonly reuse passwords. People are stupid after all. But in this case passwords weren't taken because they were encrypted, so all they've got is user names and email addresses.

From the sounds of it, the database was actually pretty secure the problem was the interface between the database and the website wasn't. Good news is because the database was secure not a lot of sensitive information has been leaked.

[–] [email protected] 0 points 3 weeks ago (1 children)

The comment you are responding to had meant that a bad actor can cross check other breached datasets for the emails and usernames leaked from Earth2.

Since people reuse not just passwords but emails too, one may get access to other accounts of the impacted users, potentially even to accounts which have not been breached.

[–] [email protected] 2 points 3 weeks ago* (last edited 3 weeks ago) (1 children)

Yes I appreciate that but what I'm saying is that there isn't really a reason to hack Earth 2 accounts.

Ostensively it is an upcoming game, It isn't it's just a crypto scam, that people have registered interest in but I don't believe there's anything they can actually do on the accounts yet. It's essentially just pre-registration.

So really all that anyone has got out of this is a list of email addresses they could use for phishing. It's not like they'll get any new passwords out of it to hack on other services such as email providers or bank accounts

[–] [email protected] 1 points 3 weeks ago

Looking at some of the news and discussion surrounding the game, it is clear that there are significant financial transactions involved.

The game is also four years old, well beyond the stage of mere interest checks.

It could be argued that the hack was carried out without a specific goal or knowledge of what data might be gained (as a display of hacking prowess, for instance). However, in this case, it’s clear why this particular game was targeted.

Whether or not the users “deserved” it is a separate discussion; one where I would agree with you. Many of the people involved may have been too trusting or gullible in their investments.