DataBreaches.Net


Confirmation from GameReplays.org About Recent Breach

Posted on May 30, 2012 by Lee J

From Jon "AgmLauncher" LeMaitre, co-owner and general manager of GameReplays:

As of May 28th, the GameReplays member database was breached, and approximately 5000 emails and encrypted passwords were leaked. On May 27th, an Anonymous-affiliated hacker by the name of ecECus sent the following email (in Spanish, mind you …):

The following enquiry to GameReplays was submitted on 27 May 2012 7:42

Name: _ecECus_
Email: [email protected]

[Translated from the Spanish original] Hello, the reason for contacting you is to inform you that you have a significant SQL vulnerability on your site; fortunately or unfortunately, I came across this flaw on your site.. as you must know, all the information of the registered users can be seen, as well as your ENTIRE database.. ("gamerp_gamerp"), IPs, etc.. I don't think subscribers would like that.

My ideology is not about doing harm with my knowledge; on the contrary, I am informing you that you have this error so that it does not fall into the hands of lamers and leave the information of every registered user exposed.. I hope you fix this flaw soon..

We Are Anonymous
We Are Legion
We Don’t Forgive
We Don’t Forget
Expect Us!

Kind regards.. a thank-you on your page wouldn't be bad at all.. ;)

Roughly translated, he says he found a vulnerability with GR’s database, but that his intentions were not for evil. He simply wanted to alert us of the problem so that we might have a chance to fix it, before anyone does anything malicious. He also kindly asked for some credit to be given for discovering the issue. Ok, fair enough! Sounds great right?

Fast forward about 24 hours later, and what shows up on the internet? A dump of about 10,000 GR accounts, released by who? ecECus; the same guy who claimed his intentions were not evil. Given that he sent the email in Spanish, and I was out celebrating Memorial Day weekend, I had no chance to address his email and thank him for alerting us to the issue. Because I was not able to respond to an email (written in a language I don’t know), within 24 hours, he decided to go ahead and give himself credit for the hack. (update: and then do it again later today).

So to recap:

1. On the 27th I get an email, in Spanish, alerting me of a vulnerability.
2. The email claims that he is simply giving us a friendly tip and means no harm.
3. The email divulges absolutely no details that would actually help us determine where the vulnerability is, or how to exploit it for ourselves in order to protect against it.
4. This person wants credit for "helping" us.
5. On the 28th, he goes and releases personal information from GR’s database on the web.
6. On the 29th (today), he does it again, still no useful information that would actually help us fix this vulnerability.

Further, GameReplays only has about 35 hours/week of development time available to it to create new features that the community wants and needs. I personally commit 15 hours per week on top of my regular 45 hours/week job. The other 20 hours is generously contributed by the rest of our coding staff (namely subroutine, -null-, Forlong, and Kustodian).

At present we are using that very limited coding bandwidth to develop a new framework that will help us create new features more quickly and easily. The framework is done and ready for development, but since ecECus has decided to hack GameReplays and make his results public, we are forced to stop development of features like the VoD system, tournament system, and many others, just to figure out where this security vulnerability is.

Ironically, GameReplays fully appreciates the efforts of Anonymous in their role of helping to keep governments and corporations honest. Various acts from the US government such as PROTECT-IP and many others are a direct threat to the existence of GameReplays. Anonymous has been helping to expose the corrupt links between corporate lobbying and various governments which threaten the very nature of the web. Sadly, there are people like ecECus who give Anonymous and other hackers a bad reputation, since his goal isn’t to help, but rather, to be immature and stroke his own ego.

As such, we invite anyone who ACTUALLY wants to help, to hack GameReplays and give us details about where our vulnerabilities are. Rather than making them public, they can be sent to us through our Contact form, or we will even create a special forum where security vulnerabilities can be discussed. Unfortunately, because we have such limited development resources, we cannot do this alone. Therefore anyone who helps us will be given due credit.

We would like to apologize and let our members know that no truly sensitive information was stolen, but the emails of about 10,000 members have been exposed. We will be sending out PMs and emails notifying those who have been compromised. Once this vulnerability has been fixed, we will re-salt everyone’s passwords and take extra steps to make sure everyone’s accounts are more secure in the future.

Sincerely,
Jon LeMaitre
Co-Owner and General Manager
GameReplays.org

Category: Breach Incidents

© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.