Square-Enix hacked

[quantumsaint]

http://kotaku.com/5867911/square-enix-gets-hacked


Square Enix Gets Hacked
Publisher Square Enix has announced that, following the discovery that somebody "may have gained unauthorized access to a particular Square Enix server", the company's members service has been brought offline in both Japan and the United States.

Thankfully, for those with Square Enix members accounts, Square said, "There is no possibility of any credit card information leak from this incident, since the server in question stores no credit card information."

It's estimated the downtime will last for a few days while Square investigates and patches up the holes.

You can read the full statement below.

We have reason to believe that unknown parties may have gained unauthorized access to a particular Square Enix server related to the free SQUARE ENIX MEMBERS service offered in North America and Japan. In response, Square Enix, Inc. has temporarily suspended operation of the SQUARE ENIX MEMBERS service starting at 10PM (PST) on December 12, 2011.

We are assessing the full extent of this potential breach to determine what data, if any, was compromised and will provide more details as soon as possible. While some personal information may have been accessed, we can confirm that there is no possibility of any credit card information leak from this incident, since the server in question stores no credit card information. We estimate that the suspension will continue for a few days until we complete our investigation and counter-measures. We will update you as we learn more.

We sincerely apologize for any inconvenience caused by the temporary suspension of the SQUARE ENIX MEMBERS service. We take data security extremely seriously and we regret any inconvenience this may have caused our customers and fans. We appreciate your patience and support at this time.

Hide yo kids, etc...

But on a serious note, probably time to change those passwords, boys and girls.

[zaviermhigo]

nice 666 posts quantumsaint, the irony.

[Richard_BG]

But on a serious note, probably time to change those passwords, boys and girls.

so that people wont be able to steal our accounts that are worth nothing?

[quantumsaint]

so that people wont be able to steal our accounts that are worth nothing?

Yeah. I don't want some guy logging in and dressing my avatar unfashionably. I mean, can you imagine the egg on my face?

[Bahn]

so that people wont be able to steal our accounts that are worth nothing?

I think he might have also meant change your passwords OUTSIDE of XIV.

Ideally, you're not supposed to use the same password for everything, but humans are naturally lazy, and I'm sure a good chunk of forum goers use the same password for every login they use. Yes it's foolish, but it happens way more than you think. Ever wonder why when Kotaku/Gawker got hacked it caused an uproar (not only because of their silly security practices)? It's because a lot of stupid people who post there (which is a good number, considering it's Kotaku) used the same username and password for everything, and therefore left themselves a HUGE target for account theft in venues outside of Gawker sites.

Before you ask, I obviously use a separate password for this game and many sites that I consider are "mission-critical". Some people don't.

[quantumsaint]

I think he might have also meant change your passwords OUTSIDE of XIV.

Ideally, you're not supposed to use the same password for everything, but humans are naturally lazy, and I'm sure a good chunk of forum goers use the same password for every login they use. Yes it's foolish, but it happens way more than you think. Ever wonder why when Kotaku/Gawker got hacked it caused an uproar (not only because of their silly security practices)? It's because a lot of stupid people who post there (which is a good number, considering it's Kotaku) used the same username and password for everything, and therefore left themselves a HUGE target for account theft in venues outside of Gawker sites.

Before you ask, I obviously use a separate password for this game and many sites that I consider are "mission-critical". Some people don't.

Yeah. Isn't that how FFXI players got hacked? Using their same account password with phishers posing as fan sites? I'm guilty of using the same password or permutations of it for most things. Of course, banking and the like I use more unique passwords, but still, there are those that don't who should change their passwords.

Kind of off-topic: Go ahead and take my identity, hackers. Just found out yesterday I'm being sued for $1500. My credit sucks...

[Atoli]

Ideally, you're not supposed to use the same password for everything, but humans are naturally lazy, and I'm sure a good chunk of forum goers use the same password for every login they use.

It's less about being lazy and more about just how much you can remember.
There's a limit to "good" passwords you can remember, good like in..has numbers and special signs in it and is not a word in a dictionary and is at least 15 letters long and has also several BIG and small letters..hm..now that I think about it, that's probably where the stupid way some teens write nowadays has originated from ($wEe7_6IrL-13 and stuff like that =_=)

Well, I also have complicated and different passwords for important accounts,
but I use the same one for stuff like..ask.com or some FF fan forum I visited once.
It's just not worth the hassle.
Most things on the internet aren't.

Oh, ain't I affected by this hack anyways?
Since I'm neither from Japan nor North America?

[Bahn]

It's less about being lazy and more about just how much you can remember.
There's a limit to "good" passwords you can remember, good like in..has numbers and special signs in it and is not a word in a dictionary and is at least 15 letters long and has also several BIG and small letters..hm..now that I think about it, that's probably where the stupid way some teens write nowadays has originated from ($wEe7_6IrL-13 and stuff like that =_=)

Well, it's more about using common sense. I don't think "I can't remember my passwords" is a valid excuse to make when you have applications called Password Managers that can help you store these passwords without needing to remember them.

These password managers allows you to make ridiculous passwords for other sites and not have to remember them. Password managers are basically a database that you use to store all your passwords. A good free and reliable Windows one is called KeePass. A browser-based one is called LastPass. You use a "master password" that has reasonable security measures in it (1 digit, one uppercase, one lowercase, one special char, etc) which allows you to open up the database that contains all the passwords you stored. That way, you only have one password to remember (the "secure" one you made that is memorable). You then make up some complex passwords for these other sites and simply store them in this manager for reference. Put that password manager and its files on a flash drive and keep that flash drive in a handy place, and you're good to go. The database that contains all your passwords is heavily encrypted with AES 256-bit encryption and even if someone were to steal your computer, they wouldnt be able to hack open the database through normal means.

Another convenient way of keeping your passwords secure is to use one password that's somewhat secure and easy to remember for non-mission critical sites - i.e. sites where if you were to lose your account wouldn't hurt your security on your computer or IRL. So for places like Gawker and the FF14 forums, you use this password. If it gets stolen, big deal. They now have access to a bunch of forums and sites they don't give a crap about. Then you make individual passwords for your mission-critical sites - your banking, Twitter, Facebook, Gmail, etc.

That way, if some site you're trying to sign up for requires a password, you have your 'throwaway' password to use without having to worry about putting your important stuff at risk. Password gets hacked? Whoop dee doo for the hackers - they can now use an account that's on a random site they don't care about.

[Rowyne]

Hopefully the hackers made some improvements while they were in there.

[quantumsaint]

Hopefully the hackers made some improvements while they were in there.

A version update has been performed on your website.

Fixed an issue where clicking any link opens another tab.

Corrected an issue where users were forced to use outdated payment options. Payment will now go directly to our PayPal (don't worry, we'll cut S-E in).

An issue wherein all of the terrible games contained in the Members section were terrible has been corrected.

An issue wherein you had not been developing a high definition remake of Final Fantasy VII has been corrected. Here is the source code, all you have to do is ship it!

Known issues:

A bug wherein we scanned every database and could find no mention of Final Fantasy Versus XIII other than the trailers that had already been released so far has been discovered. Do we have to make this one for you too?


(Since someone will inevitably come along and point it out, I know games aren't kept on their servers, it's just a joke :P).