Guild Wars Forums - GW Guru - View Single Post

JR · Jan 23, 2010, 03:12 PM

Late Friday night the GuildWarsGuru database was accessed by an unknown third party. We caught it as it happened, but in that short space of time it appears they may have managed to obtain tables of user account information.

Their point of entry was a flaw in the WordPress software used to run the GuildWars2Guru.com front page. How they managed to get from there to the other databases is unknown right now, as it involved bypassing other security measures we have in place.

We've spent the 24 last hours tirelessly investigating what happened, patching up the exploit, and further strengthening security. It was important to inform the community as soon as possible, but we couldn't do that any earlier without advertising the sites vulnerability to others who may have more malicious intent.

So, what does this mean to you?

With the high incident of RMT hackings and phishing across MMO's rising we understand how serious this problem is, and the possible implications arising from this incident. Right now we assume the hacker's motivation was simply to obtain the list of email addresses, for the purpose of sending spam. That may seem fairly mundane, but there's a big market for that information.

Anything more sinister would require the hacker attempting to crack encrypted passwords. The investment required to do that seems to far outweigh the questionable return, though we can't rule it out. As such, we urge you to change your Guru, Guru Auctions and Guru 2 passwords and/or emails as soon as possible. We also urge you to change passwords and emails for any other site or service you log in to with the same information you use on guru.

We apologize for this unprecedented breach, and can only assure that your security is of the utmost importance to us. We are gamers as well, and are doing everything in our power to minimize the damage from this by informing our community openly. If you have questions or concerns please feel free to post them here, and we will do our best to address them as swiftly as possible.

To further protect your account please see guides on Phishing, Security, PlaySmart and Passwords.

Jan 23, 2010, 03:12 PM	#1
JR Administrator Join Date: Nov 2005 Profession: W/	Guild Wars Guru Security Notice Late Friday night the GuildWarsGuru database was accessed by an unknown third party. We caught it as it happened, but in that short space of time it appears they may have managed to obtain tables of user account information. Their point of entry was a flaw in the WordPress software used to run the GuildWars2Guru.com front page. How they managed to get from there to the other databases is unknown right now, as it involved bypassing other security measures we have in place. We've spent the 24 last hours tirelessly investigating what happened, patching up the exploit, and further strengthening security. It was important to inform the community as soon as possible, but we couldn't do that any earlier without advertising the sites vulnerability to others who may have more malicious intent. So, what does this mean to you? With the high incident of RMT hackings and phishing across MMO's rising we understand how serious this problem is, and the possible implications arising from this incident. Right now we assume the hacker's motivation was simply to obtain the list of email addresses, for the purpose of sending spam. That may seem fairly mundane, but there's a big market for that information. Anything more sinister would require the hacker attempting to crack encrypted passwords. The investment required to do that seems to far outweigh the questionable return, though we can't rule it out. As such, we urge you to change your Guru, Guru Auctions and Guru 2 passwords and/or emails as soon as possible. We also urge you to change passwords and emails for any other site or service you log in to with the same information you use on guru. We apologize for this unprecedented breach, and can only assure that your security is of the utmost importance to us. We are gamers as well, and are doing everything in our power to minimize the damage from this by informing our community openly. If you have questions or concerns please feel free to post them here, and we will do our best to address them as swiftly as possible. To further protect your account please see guides on Phishing, Security, PlaySmart and Passwords.