Speaking with a few of our readers, it was determined that some users have been waiting for account resolution for several days, with their Social logins hacked near the game's launch. Some Rockstar user reports even indicate that hackers get involved in the support tickets, making claims of account sale or similar actions. Further, we've encountered what we believe to be session bugs that is, it would appear that sessions remain active after account detail updates, making it difficult to truly evict a hacker. Rockstar seeks no confirmation to initialize an email or account holder information update, allowing hackers to effortlessly obtain indefinite access to compromised accounts. Most instances of account theft begin with an email: “The email address for your account has been updated,” it reads, noting that emails will now be sent to the new address instead. This effectively rules-out a rainbow table lookup and the strength of the password is enough to minimize brute forcing possibilities (within the allotted timeframe). Interestingly, our hacked account employed a password unique to Rockstar's services that, known to us, has never been used elsewhere. Rockstar then urged its users to change passwords regardless. The company indicated that hacked accounts may have been exposed through lists previously obtained elsewhere if some other site were hacked and the same account information had been used, that'd be the source of it, Rockstar said. Collecting the FactsĪfter taking days to officially comment, Rockstar told Kotaku in a statement that its service had not been compromised. Rockstar contacted us after-hours on 4/22, following publication of this original content, to provide a statement on the issues discussed herein.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |