Support NeoGAF

[JMTHEFOX]

You don't fuck with Jeff fucking Gerstmann.

Shitty joke aside, I hope no one on RoosterTeeth is affected by the hack.

This gave me a chuckle.

 

[Myggen]

Not to mention it's always better to assume the worst in these cases and assume if information was accessed it's always possible that at some point present or future it may be decrypted, hence the messaging.

Have they said yet whether or not the breach was related to that threatening post in the subreddit this morning? Someone was demanding RT fire Meg. It was removed pretty quickly.

I doubt they know why they were hacked, and they will probably never know. Seems unlikely that it was connected to some Reddit post, but it's always impossible to "disprove" anything like that when the real reason is unknown.

 

[Rated-G]

I doubt they know why they were hacked, and they will probably never know. Seems unlikely that it was connected to some Reddit post, but it's always impossible to "disprove" anything like that when the real reason is unknown.

True. It just felt like a weird coincidence given how off of a day it's been with all of this.

 

[EdibleExplosives]

Have they said yet whether or not the breach was related to that threatening post in the subreddit this morning? Someone was demanding RT fire Meg. It was removed pretty quickly.

I find it pretty weird that most of the anger is towards Meg and Ryan, yet Gus is the one who specifically mentions Jeff.

 

[Breads]

Follow the money.

 

[Felix Lighter]

I feel your pain, Matt. That UI, why?

 

[Fat4all]

Follow the money.

 

[Voror]

Irritating but already changed now. I suppose I'll know soon if I start getting weird emails on this one or something but hopefully nothing bad comes of it.

 

[Wellscha]

Irritating but already changed now. I suppose I'll know soon if I start getting weird emails on this one or something but hopefully nothing bad comes of it.

Hi VOROR!

Pls send me money otherwise I tell your fb you were on Ashely Madison. <3



Shitty jokes aside, I hope no one is affected badly by it.

 

[Friction]

sure, it's joking. but if i were jeff, and i poked around the internet and saw this happen and then a string of gifs of myself laughing, i would be pretty annoyed



i mean, it doesnt have to be one or the other
i just think the constant jeff gifs is kind of shitty. i wouldn't appreciate that, at all, if i were him. im sure he wants NOTHING to do with this

I pretty sure Jeff wouldnt mind or accurately care much. he understands the internet.

 

[sirap]

Stop trying to put the blame on anyone other than RT. Seriously, storing user information in a plain text file?

 

[rainking187]

Stop trying to put the blame on anyone other than RT. Seriously, storing user information in a plain text file?

I don't know where this came from. There's absolutely no reason to believe that the passwords were stored as plain text. People keep jumping to the absolute worst possible situation based on absolutely nothing.

 

[Quote]

I don't know where this came from. There's absolutely no reason to believe that the passwords were stored as plain text. People keep jumping to the absolute worst possible situation based on absolutely nothing.

The main post on RT doesn't mention encryption whatsoever which is something you'd want to mention if it was there in this scenario.

Though, the author did post this in the comments

The passwords were encrypted. Adam is making a post later today about the details.

So, it looks like at the very least e-mails and account info was not encrypted.

Also, it's not the user responsibility to control the PR spin, if it was encrypted, they should have stated so in the original post to quell fears. You announce that your users data was breached, you should do what you can to inform them exactly what is at stake.

 

[Nif]

I don't know where this came from. There's absolutely no reason to believe that the passwords were stored as plain text. People keep jumping to the absolute worst possible situation based on absolutely nothing.

If the passwords were visible "passwords may have been viewed" means that they were unencrypted, which means they were either plain text or might as well have been.

People should take this with some levity instead of bitching about gifs (have you been in a neogaf thread?) This is probably not the first time your data's been viewed, and it will probably not be the last. The best thing you can do to prevent these kinds of situations from affecting you is to get a password manager and generate passwords for everything instead of using one password for everything. Also don't sign up for frivolous game websites with your main email. Keep a backup spam address for that kind of thing.

 

[Palculator]

No HTTPS and unhashed passwords.

Doing a good job.

 

[Mad Season]

legit question.... is neogaf user info pretty well protected?

 

[Quote]

legit question.... is neogaf user info pretty well protected?

They use MD5 hash I believe.

 

[br0ken_shad0w]

Ha joke's on them, I already got my personal info stolen courtesy of half a dozen stores, T-Mobile, and the US government.

 

[Palculator]

They use MD5 hash I believe.

Over an unencrypted connection, so...

 

[Quote]

Over an unencrypted connection, so...

Haha, yeah. I actually researched this and funny enough I got this information from one of your posts.

 

[Palculator]

Haha, yeah. I actually researched this and funny enough I got this information from one of your posts.

That thread was mostly us looking at the source code of the login form, which didn't inspire much confidence. The good part appears to be that, no, our passwords won't just get leaked in plaintext if GAF's servers are attacked, but the logins themselves aren't really secure since MD5 isn't and any attacker can get all information they need because both hash and their little security token are getting sent unencrypted. And even then the session cookie is sent equally unencrypted.

As I said, all of this could be bollocks due to us just looking at the login code for a little while. Would be great to get some actual clarification on this. If it's secure, no harm in explaining it.

 

[Jorok Goldblade]

Hack update:
http://roosterteeth.com/post/51187674

Short version: After review of the breach, Hackers did not gain access to user accounts, only staff accounts.