Battlefield Heroes Beta applicants exposed in security breach
If you're one of the many applicants for the Battlefield Heroes beta, you've probably been informed of this via a somber mass email, but QA Boss, the organization in charge of registration for said beta test, has experienced a security breach which "exposes QA Boss forum user names, email addresses and encrypted passwords." The cause and extent of the breach, and who, if anyone, did the breaching, we've yet to learn -- nor do we know if it will affect the progress of the beta test.
QA Boss advises that everyone who uses a single password for all their important logins, and used said password in the Battlefield Heroes beta signup, should probably change that password as a precautionary measure. Too bad, as our previous cipher was nigh uncrackable -- "drowssaP". It's "password" backwards! Brilliant, right?
[Thanks to everyone who sent this in!]

Reader Comments
tc @ Jun 14th 2008 3:24PM
i really should stop using my bank pin for passwords...
Monkeys Suck @ Jun 14th 2008 3:32PM
It's the price of a pizza and a large soda at Panucci's pizza right? $10.77?
BananaBoat @ Jun 14th 2008 7:03PM
Good show sirs.
That dog will haunt me till the end of time.....
hydralisk456 @ Jun 14th 2008 7:38PM
I waited for you Fry.....
Jakka @ Jun 14th 2008 8:20PM
Spy sappin' mah bank funds!
And FYI, this game doesn't look like TF2.
UltimateQ @ Jun 14th 2008 3:33PM
I got that nice little email. I don't use a single password. So it's all good in the hood. If they used one way hashing, they should be unable to 'crack' the encryption on the passwords, it all comes down to brute force.
CJH @ Jun 14th 2008 3:42PM
They really should just accept everyone that applied at this point. I'd be very upset if my information was compromised for nothing!
Алистер @ Jun 14th 2008 3:50PM
agreed
sam @ Jun 14th 2008 4:05PM
Yeh, can't believe all that and I'm STILL not in the beta.
Typical
Robotochan @ Jun 14th 2008 4:07PM
Same, I'll have to go change a few passwords and still no E-mail telling me what's happened!
giantenemycrab @ Jun 14th 2008 4:07PM
This is why I always put in phony info in stuff like this.
Faptor @ Jun 14th 2008 4:36PM
When I saw the e-mail I had no idea what I signed up for QA Boss forums for until I saw this article
Marzz @ Jun 14th 2008 5:04PM
yeah, seriously. I thought it was for one of those forums i signed up for to download something and then immediately forgot :/
offday @ Jun 15th 2008 12:44AM
Same. All I know is I better be in after this crap.
WiiFTW @ Jun 14th 2008 4:10PM
I'm one of the lazy ones who use the same/similar password for most everything:(
Jeff @ Jun 14th 2008 7:37PM
Yeah fuck that.
If something serious happens with my password, I can just sue, right?
Less effort than using a new password when I've had the same one for everything since 5th grade.
Aero @ Jun 14th 2008 4:49PM
Argh, now I have to go round and change all my passwords. I best get in the beta after this kerfuffle.
West @ Jun 14th 2008 4:56PM
Wait...did I sign up for this or no? I can't remember! I got no email either.
mundox @ Jun 14th 2008 5:37PM
Dr0wS54P is more better :D
POOLSCLOSED @ Jun 14th 2008 6:57PM
What is this, the poor man's TF2?
UltimateQ @ Jun 15th 2008 2:19AM
Well Since TF2 is so inexpensive. I would prefer to look at it as an alternative. Free is always better.
Lijik @ Jun 15th 2008 1:31PM
Not really, the gameplay is rather different than TF2's.
TeraPwn @ Jun 14th 2008 6:58PM
oh shit, i thought that email was phishing
BananaBoat @ Jun 14th 2008 7:06PM
This type of thing is why I almost never buy anything with a credit card online.
Ignatius @ Jun 14th 2008 7:13PM
Hah.. I'm glad I didn't sign up for this piece of crap. Good going, QA Boss. Quality Assurance my ass.
Deckard @ Jun 14th 2008 7:29PM
QA Boss - irony strikes again. You gotta be kidding me. Now 50% of all the beta signups I've ever entered have had a security breach.
Hopefully there won't be any "Flagship Studios' servers hacked" headlines. I'll leave it to you to figure out which other beta I signed up for.
Alex @ Jun 14th 2008 7:39PM
You must be kidding me? How did that happen, well time to change all my email and what not passwords, shit. EA Games better make this Beta pretty fing amazing if they think it's fine to send out our passwords.
cRPLbEAVES @ Jun 14th 2008 8:01PM
Whoah, i have no email. does this mean i'm good?
Iced_Eagle @ Jun 14th 2008 10:22PM
If you signed up there, then you were exposed.
Perhaps you signed up with a different email addy or it's getting sent to your spam box.
Cristian @ Jun 14th 2008 8:25PM
*sigh* Seriously? A breach? WTF... how can you not know how to properly secure something like that. Even with password encryption, the hashes can be easily cracked. Thanks EA, I just spent a fucking hour changing my passwords and updating them in my password manager...
web design company @ Jun 15th 2008 6:37AM
Everyone from Reddit to Mastercard has had a security breach. And the guys deserve credit for at least having the passwords encrypted unlike *some* people.
Bill @ Jun 14th 2008 11:13PM
How seriously should this be taken? I'm sure many signed up, what do you think the chances are of them finding my online accounts? Should I go all out on password resets? I have so many online accounts I can't count them.
Nick @ Jun 14th 2008 11:14PM
AFAIK, it was related to an old version of the bug tracking system Mantis they were using. Version 1.1.1 has both a "promote any user to administrator" vulnerability and an "execute arbitrary php" vulnerability.
Mr.ESC @ Jun 14th 2008 11:28PM
So....who is in? :D
squeevi @ Jun 15th 2008 9:41AM
I always try and think of a unique password for stupid things like this, places that I know I won't be using everyday. For this one it was EAsucks... Rather fitting, no? lol
juju187 @ Jun 15th 2008 10:18AM
random email addon for firefox ftw
Sean @ Jun 15th 2008 11:28PM
If they were morons and simply stored md5 hashed passwords, then this could lead to some compromised accounts since reverse md5 databases exist.
If they were smart and added some salt to the hash (i.e. password concatenated with "heroes", then run md5 on that), the encrypted passwords are worthless unless they can figure out what the salt was. Better yet, they would use some unique salt, such as the username so that an md5 database would not be helpful. I didn't have an account, but if I did, I would want to know this bit of information.
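An added example, not part of the comment above or of the original page: it builds the three storage schemes the comment describes (plain MD5, MD5 with the fixed salt "heroes", MD5 with the username as salt) and checks each against a lookup table, so a site owner can see what each scheme would expose. The accounts, passwords and lookup table are constructed, and the PBKDF2 functions are an addition that shows a random per-user salt with a deliberately slow key-derivation function, which also limits per-account guessing that a salt alone does not.

```python
import hashlib
import hmac
import os

# Constructed sample data: two accounts that share one weak password.
USERS = {"alice": "password", "bob": "password", "carol": "c0rrect-h0rse-7"}
# Constructed stand-in for a public "reverse MD5" database.
LOOKUP = {hashlib.md5(w.encode()).hexdigest(): w
          for w in ("password", "drowssaP", "123456")}

def md5_scheme(password, salt=""):
    """The comment's schemes: MD5 over the password concatenated with a salt."""
    return hashlib.md5((password + salt).encode()).hexdigest()

def build_store(salt_for):
    """Hash every account; salt_for(username) returns the salt to append."""
    return {u: md5_scheme(p, salt_for(u)) for u, p in USERS.items()}

def found_in_lookup(store):
    """Accounts whose stored hash appears verbatim in the lookup table."""
    return sorted(u for u, h in store.items() if h in LOOKUP)

def shared_hashes(store):
    """True if any two accounts ended up with the same stored hash."""
    return len(set(store.values())) < len(store)

def kdf_hash(password, salt=None, rounds=200_000):
    """Random per-user salt plus a slow KDF (PBKDF2-HMAC-SHA256)."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)

def kdf_verify(password, salt, expected, rounds=200_000):
    """Recompute with the stored salt and compare in constant time."""
    _, digest = kdf_hash(password, salt, rounds)
    return hmac.compare_digest(digest, expected)

if __name__ == "__main__":
    for name, salt_for in (("plain md5", lambda u: ""),
                           ("fixed salt", lambda u: "heroes"),
                           ("username salt", lambda u: u)):
        store = build_store(salt_for)
        print(name, found_in_lookup(store), shared_hashes(store))
```

The fixed salt takes the hashes out of the lookup table but still gives the two accounts with the same password the same hash; only a per-user salt separates them.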
DAGO @ Jun 16th 2008 11:46PM
Oh man, for a minute I thought about using my secure password for this thing.
fearless_within @ Aug 3rd 2008 5:40AM
MOTHER......brilliant idea mofo now we will have to wait even more for beta now. do evry1 a favor and jump off a 60 story toilet and explode into a bazillion bits!!!