A Series of Hacked Servers: From League of Legends to Last.fm

hacker

A series of data breaches have recently been reported.  Last week, it was reported that LinkedIn and eHarmony were breached were in users’ password, and possibly usernames, were acquired by hackers.  Over 6.5 million LinkedIn accounts and 1.5 million eHarmony accounts were said to be compromised.  The two have already prompted their users to change their passwords immediately.

But those breaches are just the tip of the iceberg as more are reporting that their data were acquired by hackers.

Last.fm

London-based music website, Last.fm, reportedly suffered a security breach when the site was made aware that hashes, cryptographic strings for passwords, of their users were posted in a password cracking forum.

“Earlier this week, Last.fm received an email that let us know a text file containing cryptographic strings for passwords (known as “hashes”) that might be connected to Last.fm had been posted to a password cracking forum,” said Last.fm’s product chief Matthew Hawn in a post.  “We immediately checked the file against our user database and, while this review continues, we felt it was important enough to act on.

“We immediately implemented a number of key security changes around user data and we chose to be cautious and alert Last.fm users. We recommend that users change their password on Last.fm and on any other sites that use a similar password. All the updated passwords since yesterday afternoon have been secured with a more rigorous method for user data storage.”

The breach possibly happend a few months back when some Last.fm users expressed their concerns that they think their account was breached as they reportedly been spammed at e-mail addresses used only on the site.  The breach was believed to have happened sometime between February or March.  Last.fm is continuing their investigation into the matter.

LoL hacked, again

Riot Games, the developer of League of Legends–a popular real-time strategy game, announced that data from their European servers were stolen by hackers.

“Hackers gained access to certain personal player data contained in certain EU West and EU Nordic & East databases,” Riot Games founders Marc Merrill and Brandon Beck wrote in a blog post on Saturday.

Acquired data includes email addresses, encrypted passwords, player names and dates of birth but no billing information were reportedly acquired by the hackers.  Not only that, a small number of LoL gamers, unfortunately had their first and last names, and encrypted security questions compromised.

Last year, LoL was a victim of a DDoS attack initiated by Lulzsec, a notorious hacker later revealed as a turncoat for the FBI working to trap his fellow hackers.

Merrill and Beck wrote in the post that they store user passwords in encrypted form but some passwords were just too easy to crack.

Stolen laptops compromised data of thousands of customers

The Glasgow City Council reported a break-in last month where in two laptops were stolen.  One of the stolen laptops contained personal information and bank account details of thousands of people and businesses.  The council is now in the process of contacting 37,835 affected customers.

“We are in the process of writing to the people affected by this theft to alert them to the data loss and offer them advice about what steps they might need to take,” said the council spokesman.

“We’ve also provided them with a phone number they can use to contact us if they have any questions.

“We are sorry that this has happened and apologise for the inconvenience it has caused. Anyone with any information on the theft should contact Strathclyde Police.”

The spokesman warned customers that no one from their office would call their homes and ask for personal information such as banking details.

UNF breach may affect current and former students

The University of North Florida locked down their servers after a database containing current and former students’ information was suspected to have been compromised.
The information acquired included 23,246 names as well as Social Security numbers of people who submitted a housing contract between 1997 and the spring of last year.

The UNF is now in the process of informing more than 23,000 people about the breach.  They are also offering information on their FAQ page about the incident, explaining what transpired and what they’ve done to keep the situation under control.