Main Forum

DDO 2013 data breach, passwords and you

5 replies
Posts:
230
Officer
The DDO/LOTR data breach was kept very very quiet. I imagine some to this day do not know about it. My life was vastly affected by identity theft and most likely the major breach that happened with Adobe (.pdf and media creation tools) that didn't come to light for years and was hushed. I was reminded of it today when I did a semi-regular check of my various emails, thus this post.

Click to check email breaches on popular hack lists

One of my older emails was tied to DDO and was flagged with the following warning:
haveibeenpwned.com wrote:
Dungeons & Dragons Online: In April 2013, the interactive video game Dungeons & Dragons Online suffered a data breach that exposed almost 1.6M players' accounts. The data was being actively traded on underground forums and included email addresses, birth dates and password hashes.

DDO has since changed forum and game account access. My email that was flagged is no longer used and what it used before does not have the same password for other things.

There are numerous reasons to change passwords regularly regardless of the hassle. I don't wish what I've gone through on anyone. You can try a password manager. Do a google for that, there are many. I do strongly suggest NOT using anything Kaspersky as they are under investigation for contributing to foreign government hacking.

Good Hunting !
Posted Jun 13, 18 · OP
Posts:
230
Officer
I have a new notice that the email I use only for this site with the password unique to this site is now on the pown'ed list.

That means the enjin.com domain has been hacked (and we need to let the domain admins know).

I strongly suggest everyone change passwords especially if you use the same password for other things that share this.

I have not settled on a password manager but am looking at a physical USB key. That way you only need to remember one master password and can generate huge random ones to use.

A couple of tips from personal techniques:

1) if someone put a gun to my head in the desert and demanded passwords I doubt i could remember them. I do mine by situational awareness. I need to be at the keyboard in similar surroundings and ask myself what password to create. The first thought is often the correct one. I can't do that anywhere else.

2) If you need a long string you can try a song or perhaps bible verse you know by hart and use the first character of every word.

Good Luck !
Posted Jan 25, 19 · OP
Posts:
1,449
Admins
Officer
I just sent a note to the Enjin Admin
Posted Jan 26, 19
Posts:
1,449
Admins
Officer
Enjin Support (Enjin CMS Support)
Jan 27, 2:25 AM UTC
Hi Propane,
Enjin has not been hacked. We've already conducted tests in sight of this. Your email address and password must have been used somewhere else for it to have been compromised.
Best regards,
Chris
www.enjin.com
www.enjincoin.io
Posted Jan 28, 19
Posts:
230
Officer
The only place that combination is used is here. The email access is a different password. So, they have been hacked. /shrug I changed my password and I stand by the evidence.
Posted Mar 1, 19 · OP
Posts:
1,449
Admins
Officer
I have no doubt that they would "not advertise" having an issue - nothing wrong with changing passwords - thanks for lets us know-
Posted Mar 3, 19
NoticeNotices