Star Wars Galaxies fan website hacked

We have seen our share of hacker attacks on web sites in past several months. However, most of them have been against sites run by businesses or government agencies. This week, a hack attack was discovered by the operators of SWGalaxies.net, a fan site devoted to covering the MMO game Star Wars Galaxies. According to Venture Beat, the hacker group lifted over 21,000 email addresses and over 23,000 passwords from the site. A small hacker group called ObSec claimed credit for the attack and posted up the emails and passwords they lifted onto the Internet.

An analysis of the passwords by the site Identity Finder claims that 71 percent of them would be considered "weak". That means the passwords were too short, contained words found in the dictionary or did not contain any numbers or special characters. The people who created those passwords might be in danger of more hacks and identity theft due to their poor choice of password. On the other side of the password list is one person who had a password that was 42 characters long.

The operators of SWGalaxies.net, which is not officially affiliated with the game's publishers Sony Online and LucasArts, said that the site itself is no longer being actively maintained. Earlier this summer Sony Online announced that it would be shutting down Star Wars Galaxies after over eight years. The game is scheduled to shut off its servers sometime in December. Meanwhile BioWare's MMO title Star Wars The Old Republic is due out sometime in the holiday 2011 period.

Report a problem with article
Previous Story

Pakistan bans encryption because of ‘terrorists'

Next Story

PAX Prime 2011 brings in 70,000 attendees

7 Comments

Commenting is disabled on this article.

Damn, that guy with the 42 character password has me beat by 1 character!
Mine is 41.

I only use the 41 character password on really sensitive things though.

InsaneNutter said,
"As far as I've been able to determine this breach seems to have happened over 3 years ago, before the forum was upgraded, though at least some of the account information stolen at the time is still valid."

Source: http://www.lucasforums.com/ann...8bdd9c438b2e5bcc3&f=281

The website was hacked 3 years ago, and they only just noticed now...


Like I've always said before, with the likes of Lulzsec who give public notice of who and what they've got access to when they hacked a system... it makes you wonder, if at all these bigger companies would have actually said anything... and thats IF they found out they were hacked.

I know the reports say 90% of companies were hacked last year (http://business.financialpost....panies-hacked-in-past-year/) but we don't hear about any of them and how many sites are hacked and go unnoticed.

In the early days on IRC I've seen botnets taking over channels and the host masks have been from some popular domain names, mainly mail servers, but it goes to show that security might have been tightened, but actual skill levels haven't gotten any better.

I can only assume its middle/high managers who don't really have a clue about IT security just hiring people with a degree in computer science. ^_^

sagum said,


Like I've always said before, with the likes of Lulzsec who give public notice of who and what they've got access to when they hacked a system... it makes you wonder, if at all these bigger companies would have actually said anything... and thats IF they found out they were hacked.

I know the reports say 90% of companies were hacked last year (http://business.financialpost....panies-hacked-in-past-year/) but we don't hear about any of them and how many sites are hacked and go unnoticed.

In the early days on IRC I've seen botnets taking over channels and the host masks have been from some popular domain names, mainly mail servers, but it goes to show that security might have been tightened, but actual skill levels haven't gotten any better.

I can only assume its middle/high managers who don't really have a clue about IT security just hiring people with a degree in computer science. ^_^


@*.edu is a very popular bot hostname, I remember channels were full of them, back in 2000-ish, because they had very fast internet access when the majority of people still had dial up.