Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

White Wolf hacked


cczernia

Recommended Posts

Posted

An online oscommerce store for roleplaying games (what can I say, I'm a big geek) was recently hacked. This is the message they put up on their site in regards to the situation. I was wondering if anyone else has had a similar problem or if their is anything we can do either code wise or just in general to avoid such situations.

 

Dear White Wolf Users,

 

Like many other well-known companies of the last few years, White Wolf was the target of an attack by international hackers this weekend. These hackers are now attempting to extort money from us with the threat of posting user data to the internet. We have no intention of paying this money, and are in contact with the FBI in an attempt to bring these criminals to justice.

 

We are choosing to make this public so that our users and fans can take any precautions needed to protect themselves. We are recommending that if you have used your White Wolf user password as the password for any other services you use on the internet, that you change them immediately.

 

These hackers were able to exploit a flaw in our software and access user data, this data included usernames, email addresses and encrypted passwords. As far as we can ascertain, they were unable to access any credit card data (nor have they claimed they did). However, it is possible for the encrypted passwords they accessed to be decrypted given enough time.

 

In addition, the site will be down for the next few days while we evaluate some of the software we are using and take appropriate action to help prevent future attacks.

 

We appreciate your patience and concern while we work through the details of this process.

 

In addition to this posting we will be emailing our userbase with this information. For correspondence regarding this, please direct all queries to [email protected] .

Shade and Sweet Water

Chris Czerniak

Posted
An online oscommerce store for roleplaying games (what can I say, I'm a big geek) was recently hacked.
From what I can still see in Google's cache the online store was only a part of their website. Are you certain the osC shop was hacked and not some other software package they were using?
Posted
From what I can still see in Google's cache the online store was only a part of their website. Are you certain the osC shop was hacked and not some other software package they were using?

 

They did have forums so I'm not sure. From the sounds of it they aren't sure how the hackers got in. Still, this kind of thing makes me nervous as I'm not up the latest security issues and would like to know more to protect my store and clients.

Shade and Sweet Water

Chris Czerniak

Posted

do THEY know how they were hacked? making assumptions won't do anything but make you go crazy ;)

 

their host could have been hacked

a disgruntled mod/admin could have done the deed

they could have neglected to protect their admin panel

they could have neglected to patch with the most recent ms2 updates

etc etc.

 

there's a plethora of different ways hacking can occur that has nothing to do with oscommerce directly.

Posted
They did have forums so I'm not sure

 

Which is why I always recommend not to have forums on the same domain. The mass mailers used in forums are a regular target for hackers - and once they're in they're in!

 

Vger

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...