Hackers Target PlaySpan's Real World Marketplace

[Karloff]

Hackers Target PlaySpan's Real World Marketplace

The PlaySpan hackers released details for two million accounts online.

Online market place provider PlaySpan has been hacked, and the details of over two million accounts were released online. Visa-backed PlaySpan provides a real world storefront for thousands of games, many of them freemium, and all of those games could be affected by this hack.

So far it would seem that the hackers only posted user IDs, email addresses and PlaySpan encrypted passwords online. PlaySpan says there is no evidence that credit card details have been accessed. The PlaySpan site [http://www.playspan.com/] is down, and the Marketplace is also out; if you were wondering why you couldn't buy anything in- game, now you know.

World of Tanks [http://www.escapistmagazine.com/videos/view/trailers/5772-World-of-Tanks-British-Tanks-Trailer] gamers in particular have been warned that their details are vulnerable and passwords should be changed. Some sites reported that RuneScape and EVE Online were also affected, but this was incorrect. However if you have a PlaySpan account and there's the slightest chance that you might have used the same password for that as for any other game, now's the time to switch.

PlaySpan is conducting what a spokesperson described as a "forensic analysis" and apologized for any frustration or inconvenience caused to its customers. "We know PlaySpan's business depends on consumer trust," said the PlaySpan spokesperson. "Security is a top priority for us, and we are redoubling our efforts to strengthen PlaySpan's overall system security."

Source: Develop [http://www.develop-online.net/news/42216/Millions-of-PlaySpan-user-IDs-and-passwords-leaked-online]


Permalink

 

[the doom cannon]

So this is pretty serious, but it's completely undermined by all the false information provided by some of the early posts. Like how runescape, eve, and guild wars 1 had account information stolen. It has been posted that all 3 of these were not involved, so I have to wonder who is coming up with these things?

 

[Karloff]

So this is pretty serious, but it's completely undermined by all the false information provided by some of the early posts. Like how runescape, eve, and guild wars 1 had account information stolen. It has been posted that all 3 of these were not involved, so I have to wonder who is coming up with these things?

The PlaySpan site may have caused some confusion. Develop posted this:

"The original information on games affected stemmed from the PlaySpan website on titles it supports. I have now removed mentions of the titles until further clarification has been made."

And to be fair, the statement from EVE also posted by Develop says "they [PlaySpan, I assume] used to resell EVE time codes." That suggests PlaySpan did have an EVE connection once, but doesn't any more. If the same also applies to runescape & Guild Wars, that might explain why those games were originally cited as being affected when in fact they were not.

 

[Tortilla the Hun]

Wooooo!!

Go hackers!!

Stick it 2 da man!!

Amiright?!

No?

Guess that bandwagon passed on by...

Good riddance.

In all seriousness, I don't see why people do this. To me it seems like there's too many people with too much time on there hands that could be better spent on, idunno, crocheting? Maybe start a knitting circle? I hear embroidery is loads of fun.

 

[Bostur]

I assume Playspan is simply a 3rd party service selling time codes and other types of credits for online games?

World of Tanks doesn't seem to be directly affected either judging by their statement.

If you are a registered PlaySpan Marketplace user, and you used the same email and password for your World of Tanks account, we suggest you change your World of Tanks password.

http://worldoftanks.com/news/1679-playspan-security-breach/

It seems they merely chose to warn people because they suspect there may be some overlap of account information. If people use two separate services in tandem, there's probably a high risk of account information being identical.

In all seriousness, I don't see why people do this. To me it seems like there's too many people with too much time on there hands that could be better spent on, idunno, crocheting? Maybe start a knitting circle? I hear embroidery is loads of fun.

If it's possible for one hacker group to make a ruckus and publish the information, it's also possible for others to hack it and use the data secretely. I personally prefer that vulnerabilities like these becomes public knowledge, than having criminals use the data in secrecy.

Some companies tend to cover up security issues instead of fixing them. In a perfect world the hackers would inform the site in question and the security flaw would be fixed immediately. But in practice neither the hackers nor the people who owns the sites are perfect human beings. This is really the second best outcome for these cases.