If you're one of the many applicants for the Battlefield Heroes beta, you've probably been informed of this via a somber mass email, but QA Boss, the organization in charge of registration for said beta test, has experienced a security breach which "exposes QA Boss forum user names, email addresses and encrypted passwords." The cause and extent of the breach, and who, if anyone, did the breaching, we've yet to learn -- nor do we know if it will affect the progress of the beta test.
QA Boss advises that everyone who uses a single password for all their important logins, and used said password in the Battlefield Heroes beta signup, should probably change that password as a precautionary measure. Too bad, as our previous cipher was nigh uncrackable -- "drowssaP". It's "password" backwards! Brilliant, right?
[Thanks to everyone who sent this in!]
Reader Comments (39)
Posted: Jun 14th 2008 3:32PM monkeyssuck said
It's the price of a pizza and a large soda at Panucci's pizza right? $10.77?
Reply
Posted: Jun 14th 2008 7:03PM BananaBoat said
Good show sirs.
That dog will haunt me till the end of time.....
Reply
Posted: Jun 14th 2008 8:20PM (Unverified) said
Spy sappin' mah bank funds!
And FYI, this game doesn't look like TF2.
Reply
Posted: Jun 14th 2008 3:42PM (Unverified) said
They really should just accept everyone that applied at this point. I'd be very upset if my information was compromised for nothing!
Reply
Posted: Jun 14th 2008 4:05PM (Unverified) said
Yeh, can't believe all that and I'm STILL not in the beta.
Typical
Reply
Posted: Jun 14th 2008 4:07PM (Unverified) said
Same, I'll have to go change a few passwords and still no E-mail telling me what's happened!
Reply
Posted: Jun 14th 2008 4:07PM Giantenemycrab said
This is why I always put in phony info in stuff like this.
Reply
Posted: Jun 14th 2008 4:36PM (Unverified) said
When I saw the e-mail I had no idea what I signed up for QA Boss forums for until I saw this article
Reply
Posted: Jun 14th 2008 7:37PM (Unverified) said
Yeah fuck that.
If something serious happens with my password, I can just sue, right?
Less effort than using a new password when I've had the same one for everything since 5th grade.
Reply
Posted: Jun 14th 2008 4:49PM Omega Aero said
Argh, now I have to go round and change all my passwords. I best get in the beta after this kerfuffle.
Reply
Posted: Jun 14th 2008 7:06PM BananaBoat said
This type of thing is why I almost never buy anything with a credit card online.
Reply
Posted: Jun 14th 2008 7:29PM (Unverified) said
QA Boss - irony strikes again. You gotta be kidding me. Now 50% of all the beta signups I've ever entered have had a security breach.
Hopefully there won't be any "Flagship Studios' servers hacked" headlines. I'll leave it to you to figure out which other beta I signed up for.
Reply
Posted: Jun 14th 2008 7:39PM SpaceSpace said
You must be kidding me? How did that happen, well time to change all my email and what not passwords, shit. EA Games better make this Beta pretty fing amazing if they think it's fine to send out our passwords.
Reply
Posted: Jun 14th 2008 8:01PM (Unverified) said
Whoah, I have no email. Does this mean I'm good?
Reply
Posted: Jun 14th 2008 8:25PM (Unverified) said
*sigh* Seriously? A breach? WTF... how can you not know how to properly secure something like that. Even with password encryption, the hashes can be easily cracked. Thanks EA, I just spent a fucking hour changing my passwords and updating them in my password manager...
Reply
Posted: Jun 15th 2008 6:37AM (Unverified) said
Everyone from Reddit to Mastercard has had a security breach. And the guys deserve credit for at least having the passwords encrypted unlike *some* people.
Reply
Posted: Jun 14th 2008 11:13PM (Unverified) said
How seriously should this be taken? I'm sure many signed up, what do you think the chances are of them finding my online accounts? Should I go all out on password resets? I have so many online accounts I can't count them.
Reply
Posted: Jun 14th 2008 11:14PM (Unverified) said
AFAIK, it was related to an old version of the bug tracking system Mantis they were using. Version 1.1.1 has both a "promote any user to administrator" vulnerability and an "execute arbitrary php" vulnerability.
Reply
Posted: Jun 15th 2008 11:28PM (Unverified) said
If they were morons and simply stored md5 hashed passwords, then this could lead to some compromised accounts since reverse md5 databases exist.
If they were smart and added some salt to the hash, (i.e. password concatenated with "heroes", then run md5 on that) the encrypted passwords are worthless unless they can figure out what the salt was. Better yet, they would use some unique salt, such as the username so that an md5 database would not be helpful. I didn't have an account, but if I did, I would want to know this bit of information.
Reply
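The three storage schemes from the comment above, side by side, as an added example that is not part of the original post or of QA Boss's code. It goes one step further than the comment by including a random-salt PBKDF2 form; the sample accounts, wordlist, function names and iteration count are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample accounts (not from the breach); two users share a password.
ACCOUNTS = {"alice": "drowssaP", "bob": "drowssaP", "carol": "kerfuffle60"}
COMMON = ["password", "drowssaP", "123456"]  # constructed wordlist

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

def store_plain(user, pw):        # unsalted MD5
    return md5_hex(pw)

def store_static_salt(user, pw):  # one site-wide salt, "heroes" as in the comment
    return md5_hex(pw + "heroes")

def store_user_salt(user, pw):    # per-user salt: the username
    return md5_hex(pw + user)

def table_hits(scheme, wordlist):
    """Count stored digests that appear in a precomputed unsalted-MD5 table."""
    table = {md5_hex(word) for word in wordlist}
    return sum(scheme(u, p) in table for u, p in ACCOUNTS.items())

def shared_digests(scheme):
    """Count accounts whose stored digest equals another account's digest."""
    digests = [scheme(u, p) for u, p in ACCOUNTS.items()]
    return sum(digests.count(d) > 1 for d in digests)

def kdf_store(pw, iterations=600_000):
    """Hardened form: random 16-byte salt plus a deliberately slow KDF."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, iterations)

def kdf_verify(pw, salt, key, iterations=600_000):
    candidate = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, iterations)
    return hmac.compare_digest(candidate, key)  # constant-time comparison

if __name__ == "__main__":
    for scheme in (store_plain, store_static_salt, store_user_salt):
        print(scheme.__name__, table_hits(scheme, COMMON), shared_digests(scheme))
```

With a single site-wide salt the precomputed table no longer matches, but accounts sharing a password still share a digest; only a per-account salt removes that.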
Posted: Jun 16th 2008 11:46PM (Unverified) said
Oh man, for a minute I thought about using my secure password for this thing.
Reply
Posted: Aug 3rd 2008 5:40AM (Unverified) said
MOTHER......brilliant idea mofo now we will have to wait even more for beta now. Do everyone a favor and jump off a 60 story toilet and explode into a bazillion bits!!!
Reply