Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

VideoGamesPlus.ca hacked

  • 18-01-2012 3:20pm
    #1
    Registered Users, Registered Users 2 Posts: 54,943 ✭✭✭✭


    Popular import retailer VideoGamesPlus.ca has reportedly been hacked, resulting in 21,000 of its customers' details being posted online.
    Hacker "xdev@b4lc4nh4ck" posted a link to what was apparently stolen personal information from the online Canadian shop on Pastebin.
    A .rar file posted on RapidShare (since removed) apparently contained names, dates of birth, email addresses, phone numbers and encrypted passwords. Eurogamer readers have been in touch, claiming their details were found inside.
    "Videogamesplus.ca has [been] pwned by xdev @ b4lc4nh4ck," the hacker announced via his Twitter account. "Greetz to Don @ b4lc4nh4ck. More information will be posted on Pastebin."
    VideoGamesPlus.ca has yet to comment on the hack or publicly acknowledge the breach to customers.
    We've contacted the Canadian retailer for more information and will update when we hear back. At the very least, we'd advise anyone who's used VGP to log in and change their password.
    http://www.eurogamer.net/articles/2012-01-18-videogamesplus-ca-hacked-21-000-users-details-stolen

    **** **** ****

    Iv used them in the past, right good online retailer. **** it anyway.

    ****ing hacking ***** anyway


Comments

  • Registered Users, Registered Users 2 Posts: 54,943 ✭✭✭✭Headshot


    Update: VideoGamesPlus.ca has begun emailing customers to inform them of the site's apparent security breach.
    VGP admitted it was "currently investigating a security issue" in a generic email addressed to users, passed to Eurogamer this evening. The company recommends users change their passwords "as a safety precaution" and apologised "for any inconvenience caused".

    Its pretty bad that you trust these companies and yet they cant have any decent security

    The brick and mortar shops could be back in fashion


  • Registered Users, Registered Users 2 Posts: 8,225 ✭✭✭Ciaran500


    Headshot wrote: »
    Its pretty bad that you trust these companies and yet they cant have any decent security

    Bit early to say that, if a shop was broken into you wouldn't immediately blame the shop.


  • Registered Users, Registered Users 2 Posts: 54,943 ✭✭✭✭Headshot


    Ciaran500 wrote: »
    Bit early to say that, if a shop was broken into you wouldn't immediately blame the shop.

    I dont believe it is

    Sony, VGP, Rift, steam and probably a some more. I dont understand why after the big sony fiasco they other online retailers didnt see this coming

    A bricks and mortor shop wouldnt have my details


  • Moderators, Category Moderators, Arts Moderators, Computer Games Moderators, Entertainment Moderators Posts: 30,019 CMod ✭✭✭✭johnny_ultimate


    In fairness, VGPlus are a small independent company with none of the resources of the bigger victims. Still not acceptable, but it's a ****ty move on the hacker to have attacked a company that is anything but big businesses.


  • Registered Users, Registered Users 2 Posts: 8,225 ✭✭✭Ciaran500


    Headshot wrote: »
    Sony, VGP, Rift, steam and probably a some more. I dont understand why after the big sony fiasco they other online retailers didnt see this coming

    What I was saying is that it's a bit early to say VG+ had bad security, nothing is hack proof.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 9,249 ✭✭✭Stev_o


    Headshot wrote: »
    I dont believe it is

    Sony, VGP, Rift, steam and probably a some more. I dont understand why after the big sony fiasco they other online retailers didnt see this coming

    A bricks and mortor shop wouldnt have my details

    Beause nothing is hack proof and if a determined hacker decides he wants to hack something like this chances are they'll break in one way or another.

    Hell they don't even need to hack they can just phish their way in.


  • Registered Users, Registered Users 2 Posts: 3,923 ✭✭✭kearneybobs


    I remember getting GoW:Collection from them for the PS3. Butt hey dont have my email on record so i think I'm safe. Maybe I ordered it as a guest or something.


  • Registered Users, Registered Users 2 Posts: 2,509 ✭✭✭NotorietyH


    I got an alert this morning from the Security company that Sony provided for people after the hack last year, saying that my email address was being traded/sold so I assume it's because of this. I've only ordered from them a few times and the last time was probably 2 years ago. Annoying but my password for there was different from everywhere else anyway so hopefully I'm safe enough.


  • Registered Users, Registered Users 2 Posts: 8,283 ✭✭✭Glico Man


    NotorietyH wrote: »
    I got an alert this morning from the Security company that Sony provided for people after the hack last year, saying that my email address was being traded/sold so I assume it's because of this. I've only ordered from them a few times and the last time was probably 2 years ago. Annoying but my password for there was different from everywhere else anyway so hopefully I'm safe enough.

    Same here. Changed my password to that account but the feckers still managed to spam me :mad:


  • Closed Accounts Posts: 5 HeKnowsAll


    Safe is relative. The passwords were MD5 hashed, but random salt, though I suspect the salt is actually in the password data.

    The hack is much worse than the stories are saying due to VG+'s terrible security. My gran could have hacked the site.

    They've lost: Name, DOB, email, telephone number, postal address, order history, customer basket (if anything put in there and abandoned), registered date, number of times logged in, last login date, some crap do do with affiliates, vouchers and various other bits and bobs. Combine this with google searches and you could have a nice fistful of data thank you-please.

    And NotorietyH - yes, I know where you live ;)


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 3,923 ✭✭✭kearneybobs


    HeKnowsAll wrote: »
    Safe is relative. The passwords were MD5 hashed, but random salt, though I suspect the salt is actually in the password data.

    The hack is much worse than the stories are saying due to VG+'s terrible security. My gran could have hacked the site.

    They've lost: Name, DOB, email, telephone number, postal address, order history, customer basket (if anything put in there and abandoned), registered date, number of times logged in, last login date, some crap do do with affiliates, vouchers and various other bits and bobs. Combine this with google searches and you could have a nice fistful of data thank you-please.

    And NotorietyH - yes, I know where you live ;)
    I did notice that you had posted something earlier about him and it disappeared fairly lively. :confused:


  • Moderators, Category Moderators, Computer Games Moderators Posts: 52,407 CMod ✭✭✭✭Retr0gamer


    Yep I deleted it. I decided to get rid of it because it had some details that were contained in the leak but had a chat with the poster and he's just trying to show people that this is a pretty bad leak and that you should all be careful.


  • Registered Users, Registered Users 2 Posts: 54,943 ✭✭✭✭Headshot


    I see no addresses, just name dob and phone number that they got too

    btw hacking pricks, why pick on a small innocent company


  • Registered Users, Registered Users 2 Posts: 54,943 ✭✭✭✭Headshot


    Retr0gamer wrote: »
    Yep I deleted it. I decided to get rid of it because it had some details that were contained in the leak but had a chat with the poster and he's just trying to show people that this is a pretty bad leak and that you should all be careful.

    So you dont think he's on a windup

    hence just registering today ?


  • Closed Accounts Posts: 5 HeKnowsAll


    Was trying to make the point that the data lost makes things not that safe, a site mod didn't agree which is fair enough. Many people don't think anything can be done with this sort of information. Until their identity is use for fraud of course, but by then you've got the hassle of sorting it all out.

    Hackers are a pain in the bum yes, but you don't leave you house unlocked when you go out do you? VG+ seem to be burying their head in the sand.

    Being signed up to an ID protect thing is becoming more and more required it seems :(


  • Closed Accounts Posts: 5 HeKnowsAll


    Headshot wrote: »
    So you dont think he's on a windup

    hence just registering today ?

    Are you registered with VG+? Send me you name and I'll send you your details :)


  • Moderators, Category Moderators, Computer Games Moderators Posts: 52,407 CMod ✭✭✭✭Retr0gamer


    Headshot wrote: »
    So you dont think he's on a windup

    hence just registering today ?

    I'm afraid all the details were made available for a while on rapidshare so if you were quick enough they are out there.


  • Registered Users, Registered Users 2 Posts: 54,943 ✭✭✭✭Headshot


    Retr0gamer wrote: »
    I'm afraid all the details were made available for a while on rapidshare so if you were quick enough they are out there.

    oh I got the details already and im on it :(

    But all I see is names, dob, email and phone number

    nothing else


  • Closed Accounts Posts: 5 HeKnowsAll


    It was taken down from rapid share quite quickly, which is good actually.

    However, VG+ had that file and a whole lot more publicly available on their own website, if you knew where to look, which wasn't very hard.

    If you don't believe me I'm happy to prove it - PM me your name, I'll PM back.


  • Registered Users, Registered Users 2 Posts: 8,326 ✭✭✭Zapp Brannigan


    Ugh, great! I had an account but they haven't emailed me letting me know about it. Cheers VGP.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 54,943 ✭✭✭✭Headshot


    Hey Retro lucky you didnt buy that controller eh :D


  • Moderators, Category Moderators, Computer Games Moderators Posts: 52,407 CMod ✭✭✭✭Retr0gamer


    Headshot wrote: »
    Hey Retro lucky you didnt buy that controller eh :D

    Bought a shot load of other stuff from them and they are my main import site so not really happy days :)

    VGP are being really bad about this and are just proceeding as if nothing happened without any e-mails to anyone about this.

    If there's one good thing about that Sony hacking from last year is that I changed my passwords.


  • Registered Users, Registered Users 2 Posts: 54,943 ✭✭✭✭Headshot


    Retr0gamer wrote: »
    Bought a shot load of other stuff from them and they are my main import site so not really happy days :)

    VGP are being really bad about this and are just proceeding as if nothing happened without any e-mails to anyone about this.

    If there's one good thing about that Sony hacking from last year is that I changed my passwords.

    I got an email from them, Retro

    Maybe you are lucky and they didnt get your details

    Regarding VGP Im going to ring them up tomorrow and ask what is the story


  • Registered Users, Registered Users 2 Posts: 14,012 ✭✭✭✭Cuddlesworth


    Headshot wrote: »
    I got an email from them, Retro

    Maybe you are lucky and they didnt get your details

    Regarding VDP Im going to ring them up tomorrow and ask what is the story

    Judging by the severity of the hack, its unlikely that they didn't get every single customers emails.

    I wonder how bad their security was? Looks like it was full admin access to all their databases. Assuming they weren't thick enough to stick everything on the one.......


  • Closed Accounts Posts: 5 HeKnowsAll


    It was very poor. No CC stuff stored though.

    122,765 customer records, with 136,956 related address details.


  • Registered Users, Registered Users 2 Posts: 7,264 ✭✭✭witnessmenow


    I had a look at the dump there, I am on it ok. It has my full name, my email address, and my old phone number

    But this is a dump of one table, its very likely they got other tables too


  • Closed Accounts Posts: 23,316 ✭✭✭✭amacachi


    I'm just trying to figure out what password I used for the site, see what I need to change now.


  • Registered Users, Registered Users 2 Posts: 5,785 ✭✭✭eddhorse


    Nothing is safe ! Although by the sounds of things they didn't secure their site enough !
    I never did get to empty my basket, looks like they did it for me,
    Any word on credit card details used on the site?
    Ed


  • Registered Users, Registered Users 2 Posts: 2,509 ✭✭✭NotorietyH


    I got an email from them last night, which was a bit too slow for my liking. At least I was aware of it, but there's probably people out there who are only just finding out about it now.

    Think I've changed all I can change. After the PS hack I decided I just had to accept that every single shred of information about me is out there anyway and I just had to accept it! Was almost freeing in a way. Will just stay registered with the Security service after my year runs out I think.

    Just have to go and change my home address now. Off to daft.ie I go!


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 5,785 ✭✭✭eddhorse


    NotorietyH wrote: »
    Just have to go and change my home address now. Off to daft.ie I go!

    Haha
    Security Email,
    We are emailing all our customers to let them know that we
    have had a security breach. Unfortunately, this has meant that some customer’s personal information such as names, phone numbers and email addresses has been
    compromised.

    However, we can confirm that no customer’s credit card or
    other financial information, other than your general contact information, has
    been compromised.
    We can confirm this because Videogamesplus.ca does not internally store full credit card numbers, or any other financial information on our secure server.
    We take privacy and security very seriously and have contacted the authorities to investigate the matter further. We have also taken all necessary security steps to ensure our site is once again secure. We are also upgrading and adding new security measures to the site immediately.

    We also note that all passwords were encrypted and are accordingly not visible, but as a safety precaution we are still recommending that all customers login and change their current password to a new one. We have sent an earlier email explaining how to make this change. If you require further assistance with thisyou can contact our customer service team at customerservice@videogamesplus.ca

    Unfortunately, you may receive emails pretending to be from
    us at videogamesplus.ca asking you for personal details, including financial
    information. We ask you to be vigilant with your email and personal
    information. We confirm that at Videogamesplus.ca we will never email you asking for passwords, credit cards, banking details or any other personal or financial information, and accordingly recommend that you should simply delete such e-mails and not respond to them. If you receive anything suspicious in your email, please do not click any of the links and
    forward the email to mailto:security@videogamesplus.ca us to investigate.

    We sincerely apologize for any inconvenience this has caused
    our customers.

    VGP Customer Service Team


  • Moderators, Category Moderators, Computer Games Moderators Posts: 52,407 CMod ✭✭✭✭Retr0gamer


    I'm still waiting for anything from them. Pretty bad form.


  • Closed Accounts Posts: 17,661 ✭✭✭✭Helix


    Retr0gamer wrote: »
    I'm still waiting for anything from them. Pretty bad form.

    im assuming that anyone who hasnt heard anything hasnt been compromised


  • Registered Users, Registered Users 2 Posts: 54,943 ✭✭✭✭Headshot


    Helix wrote: »
    im assuming that anyone who hasnt heard anything hasnt been compromised

    Nope that assumption is wrong im afraid


  • Closed Accounts Posts: 17,661 ✭✭✭✭Helix


    possibly

    if i have a chance next week ill get steve a call and see what exactly is going on anyway


  • Moderators, Category Moderators, Computer Games Moderators Posts: 52,407 CMod ✭✭✭✭Retr0gamer


    Well I got someone to check the list and I'm definitely on it and still no e-mail.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 5,785 ✭✭✭eddhorse


    Retr0gamer wrote: »
    Well I got someone to check the list and I'm definitely on it and still no e-mail.

    Still nothing for me either !!

    You get anything yet retr0?


  • Moderators, Category Moderators, Computer Games Moderators Posts: 52,407 CMod ✭✭✭✭Retr0gamer


    Nope nothing yet.


  • Registered Users, Registered Users 2 Posts: 1,750 ✭✭✭ghostchant


    I haven't received any communication from them either.


  • Registered Users, Registered Users 2 Posts: 5,785 ✭✭✭eddhorse


    Well apparently someone spent €120 in Wal Mart on my credit card !

    Cancel Card, Cancel Card, Cancel Card

    :eek:


Advertisement