[Knite]

Hey everyone-

Several popular Aion fansites, technology and gaming blogs, and places we all visit have been under attack lately from hackers. The most recent attempts ranging from the massive tech website TechCrunch, to right here at home on your favorite Aion fansites may have left sensitive data on your PC vulnerable.

AionSource was targeted along with these other sites beginning at 5pm on January 24th and was completely cleared up by 5:20pm. 6 hours later after we cleared the site of the breach, Google flagged AionSource as an "attack site" due to the small window where the breach took place. We appealed and were removed from this "attack site" list shortly after once Google verified we were clear.

We wanted to let everyone know we're doing everything we possibly can to ensure your safety, and the safety of things you hold dear. The reality so far is we do not know the intention or intentions of the persons who have been working so hard to redirect users and exactly what they're tried to install on our PCs. We have made several advancements in our security here at AionSource.com and have beefed up and re-installed plugins and custom code we use.

As we stated, we have since gone through, fully wiped and reinstalled vBulletin, and revamped our security to prevent intrusions like this from happening again. We want to encourage anyone who may have been logged into our site during that time to especially pay attention to the steps below.

Here are some tips on how to best protect yourself from these and other attacks:


- Install a good virus scanner (you can get high quality ones for free, such as Avast or AVG) or alternatively run a free online virus scanner like F-Secure: Free Online Scanner

- Make sure to clear your cache if you think you've been somewhere potentially dangerous, make sure all temporary internet files are removed.

- Use a different login/password for your E-mail, NCSoft Master Account, AionSource and Aion game accounts. If any of your passwords for these 4 services overlap, you are increasing your vulnerability to criminals seeking your personal data.

- On your master account, make sure you have good security questions that only you know the answers of, and that are difficult to guess - otherwise somebody can reset your password quite easily.

- Keep your computer and web browsers updated with the latest security patches, not updating leaves you vulnerable to attack.


Above all, we want to continue to provide a fun and safe community for everyone. These hackers/criminals are attacking high profile sites, but we are unaware if they are specifically targeting Aion accounts or if they have other motives. Please, please do all you can to protect yourself and your information and take the above steps very seriously.

As always, we appreciate your continued support!

To obtain latest security updates:
Internet Explorer: Microsoft Update
Firefox: Firefox web browser | Faster, more secure, & customizable
Safari on Mac OS X, click on the Apple menu and then Software Update.
Google Chrome: Google Chrome
Opera: Opera browser | Faster & safer internet | Free download

This post has been edited by Chalky: 27 January 2010 - 07:34 AM
Reason for edit: AV clarification

[Cynic]

It's strangely quiet in here... I'm ever so slightly scared.

[Ephrum]

Firstish post? Cool!

Anyway, good to hear you guys are staying ontop of things. <3

Also a good thing that my login/pass here are not the same as my login in game, but thats besides the point.

[Phantom Slave]

I just want to point out that your privacy question should always be something that's personal to you (an experience, a pet name, etc.) and never use Mother's maiden name or things like that because they're in open records available to the public (Birth Certificates show maiden name of your parents). Choosing a question/answer that are about a field trip you took will be much more secure.

[Melchior]

Don't worry Cynic, I'm sure people will comment soon enough.

This announcement is OUTRAGEOUS! Thanks for the update Knite!

[Antipathy]

Knite said:

we are unaware if they are specifically targeting Aion accounts or if they have other motives.

its most definitly not just aion websites/accounts/players. guildwars guru's database was accessed on friday as well.

[Axle01]

during the timeframe of the alleged attack i noticed a trojan called Infostealer.Gampass on my system on a regular scan.

Norton gave me a description

Infostealer.Gampass is a generic detection for a Trojan horse that steals online game accounts, such as Lineage, Ragnarok online, Rohan, and Rexue Jianghu.

this type of trojan has been around since 2006 I would say its been modified to catch aion accounts aswell.

This post has been edited by djsipo: 27 January 2010 - 04:10 AM

[PewPewLaz0r]

Never update my browsers but since you had a link i figured i might as well. Thanks knite

Edit: Now my wow forums aren't in my most visited =(

[Empfy]

Knite said:

[B]- Install a good virus scanner (you can get high quality ones for free, such as Avast or AVG) or alternatively run a free online virus scanner like F-Secure: Free Online Scanner

Ehh, for the windows users: Use the free microsoft scanner?

If you think your account as been hacked or your info stolen use the Malicious Software Removal Tool to detect malicious software(its not detected by virus scanners). Again, from microsoft.
Oh and other scans from microsoft including (web scans) Virus scanner, firewall scanner and some clean up tool. Windows Live OneCare safety scanner: Free online tool for PC health and safety you guessed it, microsoft again..


Good luck people ;)

[Kalidren]

Several in our guild had some hijack file on our computers which i gather is a false positive (alarmed a few tho!) One who visits this site (but doesn't have a account) was hacked and passwords changed. Not sure what the name of the file was. I keep my computer fully up to date at all times and IE8 didn't tell me that AionSource had been compromized. Other's said that Firefox caught it (sort of)

For him ... Avg didn't detect a problem altho malwarebytes did.

Interesting how that all works.

This post has been edited by Kalidren: 27 January 2010 - 10:12 AM

[msims81]

Everyone forgets about Adobe. Updating Adobe Reader is highly recommended as well. They patched a critical vulnerability this month that bypasses browser security.

[Solo]

Thanks for posting this Knite. I'm very glad to see you guys making an official announcement about this. I know it's not the best thing for PR, but it's really good to know that those in charge of this site are doing their best to look out for their visitors.

I won't name names, but there have been a few postings from site moderators that have just come off as defensive posts, in denial about the possibility that the recent hackings may be related to fansite breaches and security issues. I'm glad this sets the tone straight.

[DojoMax]

Solo said:

Thanks for posting this Knite. I'm very glad to see you guys making an official announcement about this. I know it's not the best thing for PR, but it's really good to know that those in charge of this site are doing their best to look out for their visitors.

I won't name names, but there have been a few postings from site moderators that have just come off as defensive posts, in denial about the possibility that the recent hackings may be related to fansite breaches and security issues. I'm glad this sets the tone straight.

:skip::skip::skip::shakeit::shakeit::shakeit:

/end

[Moriwenne]

Here's a question, does this have anything to do with those funny looking posts that appeared on the dev tracker a few days ago? I remember a few posts that didn't seem to lead anywhere and had a subject filled with random characters.
Does anyone remember this?

[Zeragna]

I knew something was up for google chrome found malware on the site warning me that if I went to aionsource I would be allowing access to whatever it was(said something like that). Glad to hear you guys got it and have amped the security


Keep up the good work!

[Moriwenne]

Azxiana said:

Sorry, I broke the dev tracker. :(

Aha! Finally the truth!!!! ^^
Alright, for my part I forgive you and will not be asking for damages on account of me being...you know, all stressful and stuff because of the occurrence in relation to the current security situation involv....ahhhhhhhh chill :=)

Along with Zeragna I too would like to exalt chromes successful warning (due to the google flagging) that made me not access aionsource. Usually I ignore those warnings for well known sites but given the current situation It seemed wise not to do so and just wait.

All this security mess...such wackadoo.

[Quasimodo]

Could you please confirm if your user database was compromised? I do know that passwords are safe - salted and stored as md5 hash - but email addresses aren't. Since there seems to be some link between emails used to register @aionsource and the recent phishing scam I would like to know if it's coincidence or not.
If db was compromised (or you can't rule it out with 100% certainty) it would be wise to send an email to all your users to be extra cautious as they are way more likely to be target of this scam.

This post has been edited by Quasimodo: 29 January 2010 - 02:57 PM

[roguefrequency]

I just received the notification that Quasimodo suggested. I was going to ask if the passwords were salted and hashed, but he seems to think they are. Can an admin confirm that the passwords were stored as salted MD5 or SHA1s?

Thanks.

P.S. Forcing HTTPS for login and registration pages (that is, if your SSL cert was working correctly) would be a good idea.

This post has been edited by roguefrequency: 29 January 2010 - 03:05 PM

[Steph]

I would like to mention that your email has all of its links hidden behind click trackers like http://clicks.skem1.com/v/?u=blahblah. It was not possible to determine if your email was legit without clicking on the links and discovering where they went to.

Rather ironic, IMO.