Game Site Accounts Hacked: Action Required

November 21, 2014 | Security News

A hacking group has obtained login credentials for PlayStation Network, 2K Game Studios, and Windows Live. The hackers, known as DerpTrolling, have released a subset of the data to confirm their claim. LastPass has reviewed the released data and determined that the leaked credentials are valid. This group has also claimed responsibility for a DDoS (distributed denial-of-service) attack on Blizzard Entertainment, in which they overloaded Blizzard's servers and shut down the service to users over the weekend.

According to the hacker group, the motivation for the attack was to demonstrate to the gamer community the vulnerability of their information and to compel these large companies to further protect the information of their customers. The breadth of the leaked information could be vast. A member of the group claimed “We have 800,000 from 2K and 500,000 credit card data. In all of our raids we have a total of around 7 million usernames and passwords…We have around 2 million Comcast accounts, 620,000 Twitter accounts, 1.2 million credentials belonging to the CIA domain, 200,000 Windows Live accounts, 3 million Facebook, 1.7 million EA origins accounts, etc.”

Action Required

LastPass has deactivated the accounts of exposed users who reused their LastPass master password with these services. Remember… if you’re reusing passwords, especially your LastPass master password, you’re inviting trouble. We recommend immediately changing the passwords for these affected sites, and if you reuse passwords on more than one site, you should change those duplicate passwords as well. Use the password generator in LastPass to create a strong, unique password for every account.

As always, we will stay vigilant and do what we can to protect our users and their information.

Be Secure,
The LastPass Team

 

20 Comments

  • Anonymous says:

    Being a Technical Person myself, I have to say that it's impossible to store passwords locally (as it's being claimed by the video) and yet have the passwords accessible from multiple devices. This is quite obvious, and the ONLY way it could work is by having your local computer left switched on all the time so you could access its locally saved password on other devices. Care to clarify?

  • Anonymous says:

    So LP peeps,

    I own my own corporation and am looking at LastPass Corporate as well as Xmarks. The problem is that Xmarks is not working and there is no way to let you know. All the help and contact links are shut down.
    The question is: Why would I ever consider paying money for a system that is not working and that has no feedback loop to let you know what is broken? That being said, did you waste your money buying Xmarks? What gives???

  • Anonymous says:

    PlayStation Network and Windows Live hack could be a hoax, experts say.

    http://www.theguardian.com/technology/2014/nov/21/playstation-network-hack-hoax-experts-say

    • Amber Gott says:

      Thanks, we did see the follow-up – it never hurts to change your password, though, especially if you’re using the same or similar passwords on other accounts.

  • Anonymous says:

    Please do not mark my two-step-verification enabled accounts as vulnerable in LP security check, as that is completely false. Thanks. PS.: I don’t have duplicate passwords, of course, so I’m totally safe, despite the leaks.

    • Amber Gott says:

      We are evaluating solely on the basis of the passwords. Protecting with multifactor does increase the security, but we don’t currently account for this in the results; we may in the future.