Unplanned Maintenance 2nd November

By Merlin on November 2, 2011 at 9:09 pm EDT - Uncategorized

You may have noticed that we went into unplanned maintenance on the 2nd November for several hours. We shut the site down due to an intruder who managed to get access to our database via an exploit in a piece of 3rd-party software. We are not yet certain what data they obtained, but it’s possible that they gained access to your user accounts, including the hashed (encrypted) passwords.

When you next log on to the site you will be asked to change your password. Please do this right away! Furthermore, we highly recommend that if you use the same password on any other site, you change it there too. While they didn’t gain access to your actual password, given time they can reverse the hash and possibly gain your password.

We are truly sorry for this intrusion, and we’re taking every step possible to ensure that your data is safeguarded better in the future. We can’t discuss too much more about this hacking attempt at the moment because our investigation is still ongoing, but it seems to have been a very interesting attack with an unusual motivation. We’ll give you more info when we can.

Yours,

FGL Team.

 

6 Responses to “Unplanned Maintenance 2nd November”

  1. Jack - November 2nd, 2011 at 11:09 pm

    Cool, thanks a ton for looking into and good luck.

  2. kaolin fire - November 3rd, 2011 at 12:08 am

    Thanks for the info, and sorry to hear the root of the unplanned maintenance! Happily just a randomly generated one-time password for me.

    Any thoughts on how this might affect sponsors’ interest? Should we leave games in bidding longer?

    Intrigued by the “very interesting attack with an unusual motivation.” Also be good to know what that third party software was, if it was a current version of something that other sites might be using, so they can protect themselves….

  3. Jay C - November 3rd, 2011 at 12:23 am

    Maybe one of the developers of the site could comment on whether FGL has properly salted their hashed passwords database? If the proper precautions were taken regarding the password table reversing a hash by the simple dictionary (rainbow) table approach won’t work.

  4. Antriel - November 3rd, 2011 at 2:34 am

    no salt in hashes?

  5. RedBlack - November 3rd, 2011 at 6:56 am

    How is the attack interesting? and whats seems to be the motivation?

  6. DEBBIE ORTIZ - November 9th, 2011 at 12:21 am

    Nice!!!

    Flash game license team done are really great job and thanks for the information.

    Thank You….

RSS feed for comments on this post. - TrackBack URL

Leave a Reply

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>