By John Walker on October 11th, 2012 at 12:00 pm.
You’re familiar with the routine by now. If you’ve got a World Of Tanks account and bought anything, to be sure change your password, and any passwords associated with it. And if you’re still not using unique passwords per account, go change all the others too. PlaySpan, the software World Of Tanks uses for financial transactions in WoT and a thousand other games, has been compromised, with two million account details put online. That’s usernames, email addresses, and encrypted passwords. Credit card details are believed not to have been accessed, but obviously keep an eye on your bills.
Of the two million leaked accounts, PlaySpan told Polygon that 117,000 of them are active. But it means that anyone who’s used the system in any game needs to go make sure they’ve cleared up after this. There’s some confusion about exactly which portion of PlaySpan was compromised, and what exactly has been effected, but just be on the safe side.
Wargaming.net, they behind World Of Tanks, issued a statement explaining that the PlaySpan Marketplace is separate from the VISA PlaySpan payment system, and it was only the former that was hacked. But they also make it clear that their own servers were not compromised in any way.
Currently PlaySpan have shut down their marketplace, and all accounts have been locked, to ensure no further naughty business can take place. That’ll likely be the case until they’ve figured out how it happened to ensure it can’t again.
Apparently a few other sites initially reported that EVE, Runescape and Guild Wars 2 were affected by the breach, but it has been made clear this isn’t the case.
11/10/2012 at 12:28 Duckee says:
So that is how someone in the Wuhan province in China tried to access my Guildwars 2 account the other day. Bastards.
11/10/2012 at 13:00 Sheng-ji says:
Did you get an email asking you to confirm that you are trying to access the game from a new computer?
11/10/2012 at 16:16 Duckee says:
Yes.
11/10/2012 at 12:33 Davee says:
Figures.
But from what I can gather; only having used the PlaySpan payment system through other games (like APB or WoT) one is not necessarily registered on the affected site (‘Marketplace’) and thus not in jeopardy? Then what is the ‘Marketplace’ used for?
11/10/2012 at 12:50 Mattressi says:
Yep, from what I’ve read, most people who’ve bought WoT gold probably don’t have to worry – it’s only those who specifically created a Playspan account (which is not necessary to buy WoT gold). I never used the Marketplace, so I’ve got no idea what it’s for.
11/10/2012 at 12:34 Koozer says:
I have no idea what this marketplace thing is, but I’ve changed passwords anyway. I liked that password :(
11/10/2012 at 13:07 mike2R says:
Yeah, it wasn’t bad.
- Sent from your iphone.
11/10/2012 at 14:45 battles_atlas says:
Striker!
11/10/2012 at 12:43 ElvisMZ says:
Use Lastpass everyone!
11/10/2012 at 12:51 1Life0Continues says:
I use KeePass with the optional KeeFox plugin. Little bit fiddly, but I feel a bit safer having my password database encrypted and secured locally rather than online, with a backup database on a USB key, updated weekly.
11/10/2012 at 13:37 frightlever says:
I use those but keep the Keepass database in a Dropbox folder – yes yes I know, but the database is protected with a long nonsense passphrase. Some passwords for banks etc are only kept in my head.
11/10/2012 at 14:36 1Life0Continues says:
I like the extra layer/s of security. My database is protected with a random file on my computer and a passphrase, so the database can’t be compromised even if you get a hold of it.
So that makes it a little safer to store online, I guess I just like to serve my paranoia about it and prefer not to.
But KeePass is fantastic. And free and Open Source too, which is a big bonus.
11/10/2012 at 15:15 SominiTheCommenter says:
I used this setup too, and sync the password file to SpiderOak, which encrypts the info before uploading to the cloud. Paranoia doesn’t hurt me when it comes to security.
11/10/2012 at 12:54 VeliV says:
Correct me if I am wrong but doesn’t this mean that only if you registered to playspan, you are affected? That’s the usernames, email addresses, and encrypted passwords of playspan marketplace, not WoT.
11/10/2012 at 13:23 Deadfast says:
Correct. Unless you used PlaySpan to pay for WoT stuff (or any other stuff) the hack does not affect you.
11/10/2012 at 13:06 plugmonkey says:
In other news, the Version 8 update with the new physics appears to have gone live without me noticing.
Downloading it now.
11/10/2012 at 13:16 Dozer says:
Obligatory video.
http://www.youtube.com/watch?v=fVz1VVWcF5U
11/10/2012 at 13:49 4th Dimension says:
If you are a WOT player and haven’t ever registred at PlaySpan you are safe. Official response: http://forum.worldoftanks.eu/index.php?/topic/161730-playspan-buying-wot-gold-compromised-passwords-stolen/page__st__20#entry2958949
11/10/2012 at 13:49 Gundato says:
As I always say:
Go download and start using Keepass
Go use an online backup service like Spideroak
The former creates an encrypted file where you can store all your passwords. The latter encrypts the files and stores them in the magic cloud.
11/10/2012 at 14:25 Gurrah says:
Care to explain the process? I don’t understand how saving an entire database full of your passwords, albeit encrypted, on a cloud-server is helping security. Sure the cloud-provider tells you it’s all safe and dandy, but that’s what all the companies that have been hacked in the last couple of months told us as well. Wouldn’t it be better to store it on a USB device? I’m genuinely interested here, because it’s getting more and more difficult to come up with new passwords that are safe and at the same time easy to remember.
11/10/2012 at 14:40 Zunt says:
Well I use LastPass, but the principle is the same (cloud storage).
You get an extension that sits in Chrome, Firefox, etc, that handles all the normal detecting webpages that are asking for usernames and passwords, and filling them in. This stores all your password details in an encrypted file on your local device, and you need a (preferably huge) passphrase to get at it. It’s the encrypted file that’s uploaded to the cloud so it’s available to your other computers, phones, etc. All the cloud storage people ever see is that file which is usually encrypted with a military grade cipher (e.g. AES).
I started using LastPass about a month ago and am finding it very useful. Features such as having it (locally) rootle through your passwords to find duplicates is extremely useful.
11/10/2012 at 15:18 SominiTheCommenter says:
That’s because SpiderOak store its files encrypted, and only you have the key, so if they are hacked and files are obtained, the hacker still doesn’t have the key to decrypt the file neither the key to enter the Password file. It’s two layer of encryption.
11/10/2012 at 15:33 oddshrub says:
This is the lamest headline ever.
I mean world of tanks wasn’t anymore affected than your gmail, your hellokittyonline account or whereever else you used your exact playspan login information.
But thanks for scaring me over absolutely nothing.
11/10/2012 at 15:55 Mattressi says:
You should see PC Gamer’s headline then! “World of Tanks market system hacked, account details leaked online”. I saw that headline and freaked out. At least RPS acknowledge that it was Playspan and that World of Tanks was simply affected (it would probably be too big a headline to say “World of Tanks affected in some cases” or, the more accurate, “World of Tanks has warned players in a statement, saying that some people who play World of Tanks may have been affected if they chose to make a Playspan account”). PC Gamer, on the other hand, make no mention of a third party and clearly state that it is WoT’s market system (when it is Playspan’s entirely separate market system) which was affected.
11/10/2012 at 17:37 Josh W says:
World of Tanks does financial transactions in other games? And I thought eve would be the first game to start a tentacled shadow economy.
11/10/2012 at 21:12 Hathore says:
We’d like to clarify this situation. The Wargaming payment services have not been compromised in any way. Playspan Marketplace (which is a service we don’t utilize) emails and encrypted passwords were compromised. For more information, please visit this link: http://worldoftanks.com/news/1679-playspan-security-breach/