DataBreaches.Net


Confirmation from GameReplays.org About Recent Breach

Posted on May 30, 2012 by Lee J

From Jon "AgmLauncher" LeMaitre, co-owner and general manager of GameReplays:

As of May 28th, the GameReplays member database was breached, and approximately 5000 emails and encrypted passwords were leaked. On May 27th, an Anonymous-affiliated hacker by the name of ecECus sent the following email (in Spanish, mind you …):

The following enquiry to GameReplays was submitted on 27 May 2012 7:42

Name: _ecECus_
Email: [email protected]

Hello, the reason for contacting you is to inform you that you have a significant SQL vulnerability on your site; fortunately or unfortunately, I came across this flaw on your site.. as you must know, all the information of the registered users can be seen, as well as your ENTIRE database.. ("gamerp_gamerp"), IPs, etc.. I don't think the subscribers would like that.

My ideology does not lean toward doing harm with my knowledge; on the contrary, I am informing you that you have this error so that it does not fall into the hands of lamers and leave the information of every registered user exposed.. I hope you fix this flaw soon..

We Are Anonymous
We Are Legion
We Don’t Forgive
We Don’t Forget
Expect Us!

Kind regards.. a thank-you on your page wouldn't be bad at all.. wink.gif

Roughly translated, he says he found a vulnerability with GR’s database, but that his intentions were not for evil. He simply wanted to alert us of the problem so that we might have a chance to fix it, before anyone does anything malicious. He also kindly asked for some credit to be given for discovering the issue.

Ok, fair enough! Sounds great right? Fast forward about 24 hours later, and what shows up on the internet? A dump of about 10,000 GR accounts, released by who? ecECus; the same guy who claimed his intentions were not evil.

Given that he sent the email in Spanish, and I was out celebrating Memorial Day weekend, I had no chance to address his email and thank him for alerting us to the issue. Because I was not able to respond to an email (written in a language I don’t know), within 24 hours, he decided to go ahead and give himself credit for the hack. (update: and then do it again later today).

So to recap:

1. On the 27th I get an email, in Spanish, alerting me of a vulnerability.
2. The email claims that he is simply giving us a friendly tip and means no harm.
3. The email divulges absolutely no details that would actually help us determine where the vulnerability is, or how to exploit it for ourselves in order to protect against it.
4. This person wants credit for "helping" us.
5. On the 28th, he goes and releases personal information from GR’s database on the web.
6. On the 29th (today), he does it again, still no useful information that would actually help us fix this vulnerability.

Further, GameReplays only has about 35 hours/week of development time available to it to create new features that the community wants and needs. I personally commit 15 hours per week on top of my regular 45 hours/week job. The other 20 hours is generously contributed by the rest of our coding staff (namely subroutine, -null-, Forlong, and Kustodian).

At present we are using that very limited coding bandwidth to develop a new framework that will help us create new features more quickly and easily. The framework is done and ready for development, but since ecECus has decided to hack GameReplays and make his results public, we are forced to stop development of features like the VoD system, tournament system, and many others, just to figure out where this security vulnerability is.

Ironically, GameReplays fully appreciates the efforts of Anonymous in their role of helping to keep governments and corporations honest. Various acts from the US government such as PROTECT-IP and many others, are a direct threat to the existence of GameReplays. Anonymous has been helping to expose the corrupt links between corporate lobbying and various governments which threaten the very nature of the web. Sadly, there are people like ecECus who give Anonymous and other hackers a bad reputation, since his goal isn’t to help, but rather, to be immature and stroke his own ego.

As such, we invite anyone who ACTUALLY wants to help, to hack GameReplays and give us details about where our vulnerabilities are. Rather than making them public, they can be sent to us through our Contact form, or we will even create a special forum where security vulnerabilities can be discussed. Unfortunately, because we have such limited development resources, we cannot do this alone. Therefore anyone who helps us will be given due credit.

We would like to apologize and let our members know that no truly sensitive information was stolen, but the emails of about 10,000 members have been exposed. We will be sending out PMs and emails notifying those who have been compromised. Once this vulnerability has been fixed, we will re-salt everyone’s passwords and take extra steps to make sure everyone’s accounts are more secure in the future.

Sincerely,
Jon LeMaitre
Co-Owner and General Manager
GameReplays.org

as from here

Category: Breach Incidents
