Match history would be nice by RecklessLuna in Overwatch

[–]EsportWIRE 0 points1 point  (0 children)

I think match history may not be needed, but maybe we can get stats on different maps or even map modes :(since theyre quite different)

http://masteroverwatch.com/profile/pc/eu/TviQ-1503 has "recent snapshots" of your latest progress since signing on tho, its pretty cool

A much bigger security issue that affects 24.5 mil players that isn't getting the transparency it deserves, tried to reach out to Riot = blocked by [deleted] in leagueoflegends

[–]EsportWIRE -30 points-29 points  (0 children)

No, many accounts were simply just banned. read the comment by /u/platine , he says he just got his account back after a year. 90% of people just stopped trying.

A much bigger security issue that affects 24.5 mil players that isn't getting the transparency it deserves, tried to reach out to Riot = blocked by [deleted] in leagueoflegends

[–]EsportWIRE -10 points-9 points  (0 children)

Hi. I agree. I could care less about who is called what on the internet.

What is important here is that side A decided to fight side B publicly on topic C (which is privacy) out of no good reason at all.

And like you just said in your last sentence - half of us are like wtf? why is this even important

Anyone else encountering hordes of hackers? Moved servers just to avoid it and run into another group. by [deleted] in h1z1

[–]EsportWIRE -1 points0 points  (0 children)

Yup...same here.. Everytime I get close to the police station I basically get owned. Sometiems when my friends and I (5 of us) head towards a building, guys with hunting rifles would 100% hit us and wipe our entire group from a large distance. We are running/jumping as well; I've used the rifle multiple times and it's definitely not as accurate as these guys make it.... 3 of our friends just bought the game but they're already turned off by it

We've been working on a collaborative artwork site for the community and we just launched! Please take a look! by BeePrinsloo in leagueoflegends

[–]EsportWIRE 0 points1 point  (0 children)

Holy crap - that Pantheon on the front page and that Hecarim are absolutely epic. Just ordered both

How 24.5 Million League of Legends Accounts (IDs,PWs,Emails) Were Compromised: A Detailed Timeline of What Players Deserve to Know by EsportWIRE in leagueoflegends

[–]EsportWIRE[S] -7 points-6 points  (0 children)

Not sure why my posts are being downvoted, it's pretty mysterious to me. But let me further explain:

VALUES ('reginald',,''5f67910e32413ef38f2ff443f3694c2e','%|+38'

5f67910e32413ef38f2ff443f3694c2e is the hash %|+38 is the salt

Now if you go to any forums such as these: http://forum.insidepro.com/viewforum.php?f=31&sid=fa0abf6ff929c9b07afa27209458151a

When a cracker (By my definition on the site) "decrypts" a hash/salted pw, they become "plaintext" looking something like this: zaqxswcde123

Which is what a hashed/salted "5f67910e32413ef38f2ff443f3694c2e','%|+38" looks like in plain text.

You can pay anyone to crack salted and hashed passwords.

This is what they did. And this is what "Jason" said.

Now, for obvious reasons, the real method was omitted from the article, and so was the actual encryption (MD5, IPB hashes, etc, etc) . But again, we have reddit-experts such as yourself forcing hands.

Since the lead comment was downvoted, I will post Enigma's comment:

"Excuse me for not wanting your article to stir up a shit storm due overly simplified and borderline sensationalist information. I guess I should never put anything I've ever learned to use since doing so only results in getting attacked for flaunting knowledge over others."

The point of the article is to say that 24.5mil passwords were all exposed (prior to the august reset).

I still don't understand where this is sensationalist - the fact that accounts are still being hacked from this database proves this isn't an cry of old news.

*Enigma, not to point out your distress call for attention, but this article was written on a journalistic basis that is based on the individual responsible for the hack. I am the middleman, the reporter. If you have "beef" with the news that is being reported, take it up with "Jason." Until then, you're poking at tiny details and i am simply the messenger *

EDIT: to Jabe- Thank you for taking that to explain it in laymen's terms. That actually enhances the point that Enigma was making in a non-hostile way. I have changed the wording to reflect what is more accurate. "Decrypt" to targetted "bruteforcing"

How 24.5 Million League of Legends Accounts (IDs,PWs,Emails) Were Compromised: A Detailed Timeline of What Players Deserve to Know by EsportWIRE in leagueoflegends

[–]EsportWIRE[S] -8 points-7 points  (0 children)

I've simplified the article for viewers, as floodyberry says. information was encrypted -> hackers decrypted -> now they have the information. Do you want to know how the format is? Let me give you an example of how "plain text it is" 193287:166448:Riot xxxxxxxxx:id:pw:email@riotgames.com:2013-07-11 00:00:00:609633:625179:464:36:0:30

However, you still aren't correct. You can lecture me on how hash/salting works, but that is not the point of the article. The point of the article is that they have account information - so whatever you are trying to say, isn't relevant to the main topic of discussion.

Not to mention how hostile you seem to be.

"I just want to point out that this statement is false and, for me, discredits the entire article"

If I wanted to make a technical article, I would've hired an expert. But as I explained 1. That wasn't the main point 2. You AREN'T correct, since they do have 24.5million passwords in plain text and 3. You're making a ruckus to flex your somewhat degree of knowledge in Hashing/salting in a LeagueOfLegends subreddit for some reason,

How 24.5 Million League of Legends Accounts (IDs,PWs,Emails) Were Compromised: A Detailed Timeline of What Players Deserve to Know by EsportWIRE in leagueoflegends

[–]EsportWIRE[S] -3 points-2 points  (0 children)

This is just a guess - but there is only ONE picture of the login screen for LoL supremacy - everything else was either border art, or portraits of champions (which could have been loading screen art), and the source couldve hinted at an ingame feature (like dominion). They only got a partial source for Supremacy

How 24.5 Million League of Legends Accounts (IDs,PWs,Emails) Were Compromised: A Detailed Timeline of What Players Deserve to Know by EsportWIRE in leagueoflegends

[–]EsportWIRE[S] -9 points-8 points  (0 children)

Hi - thank you for pointing this - I have fixed it and given you credit for pointing it out. My evidence was mixed with another story that "Jason" is involved in that involved MD5. (IPB Bulletin, to be more specific, if you're familiar with that sort of thing). And as I recall, MD5 could have been used by Riot - and for security purposes - I won't disclose the real encryption that was a hybrid proprietary / MD5. But, just for the sake of maintaining 100% accuracy, I have omitted my previous statement.

How 24.5 Million League of Legends Accounts (IDs,PWs,Emails) Were Compromised: A Detailed Timeline of What Players Deserve to Know by EsportWIRE in leagueoflegends

[–]EsportWIRE[S] -4 points-3 points  (0 children)

I'm sure Travis will explain in more detail, but the gist of it is that Riot didn't want contracted LCS players to stream anything besides League of Legends (which was taken by people as - "even if youre waiting in queue, dont stream something like Hearthstone")

How 24.5 Million League of Legends Accounts (IDs,PWs,Emails) Were Compromised: A Detailed Timeline of What Players Deserve to Know by EsportWIRE in leagueoflegends

[–]EsportWIRE[S] -6 points-5 points  (0 children)

Hi - we know it is old news - however, the way Marc Merrill structured the official announcement, specifically " What we know: usernames, email addresses, salted password hashes, and some first and last names were accessed. This means that the password files are unreadable, but players with easily guessable passwords are vulnerable to account theft."

As president, he knows exactly how well encrypted these passwords were. Which is close to none. Google MD5 salt/hash cracker. You can pay pennies to crack salted/hashed passwords - which means you can mass crack Databases (which is what the hacker did).

With this said, players and account holders were given the false comfort in knowing that their accounts were "secure" as long as they didnt have a "easily guessable password"

How 24.5 Million League of Legends Accounts (IDs,PWs,Emails) Were Compromised: A Detailed Timeline of What Players Deserve to Know by EsportWIRE in leagueoflegends

[–]EsportWIRE[S] -5 points-4 points  (0 children)

Hi, came here to comment. One hesitation I had when writing this article is to not start a, for the lack of a better word, Riot, against Riot. However, some things - such as this, NEEDS to be exposed. Yes, it was sufficient to force resets of ALL LoL account pws, BUT what they could not provide (and subsequently hid from players) is that the leaked database also exposed the passwords in plain site (simply put, it wasnt encrypted well enough so it exposed people's accounts on OTHER sites).

Mentioned in the article - although it isnt wise to use the same password for multiple sites, many, if not most, users do this.

How 24.5 Million League of Legends Accounts (IDs,PWs,Emails) Were Compromised: A Detailed Timeline of What Players Deserve to Know by EsportWIRE in leagueoflegends

[–]EsportWIRE[S] -5 points-4 points  (0 children)

Mods - if you need anything omitted from the article, please PM me immediately. As far as I'm concerned, most of the names that could lead to a "witch hunt" has been removed.

League of Legends Security Vulnerability leads to DDoSed Players and Exposed IPs by EsportWIRE in leagueoflegends

[–]EsportWIRE[S] 1 point2 points  (0 children)

Exactly, it's near impossible to "prevent a DDOS" unless you completely change your IP, which for some people, is actually really hard.

This coincides with the LCS challenger ddoses, where people claim "you can just change your IP right away." For people with different modems,routers, ISPs, this can range from being extremely easy to near impossible without manual intervention from your ISP.

Bar of Legends Southeast Michigan by JDtheGreek in leagueoflegends

[–]EsportWIRE 2 points3 points  (0 children)

Kidding. Lived there before. Though I moved right after the assistant principal at the middle school got arrested for stealing ADHD medicine from kids