Twitch Website Hacked – Users are warned to reset their passwords

Video games live streaming website Twitch has been hacked, leaving user account information including credit card details vulnerable.

Twitch Website Hacked

Twitch users’ accounts have been reset and it does not seem that any credit card or other financial information has been made available. But passwords do appear to have been leaked and the company recommends that users reset their details on any site where they use the same password.

Users this morning received emails this morning telling them that “there may have been unauthorized access to some of your Twitch user account information, including possibly your Twitch username and associated email address, your password (which was cryptographically protected), the last IP address you logged in from, and any of the following if you provided it to us: first and last name, phone number, address, and date of birth.”

Twitch accounts have had their passwords reset. Any connections between Twitch accounts and Twitter, Facebook or YouTube ones have been reset, and will need to be reconfigured by users.

Passwords have also been reset, and users will be prompted to set a new one when they first log back in to the service.

Amazon bought Twitch in 2014 for about $970 million (£650 million), outbidding internet giant Google for the company. Twitch receives more than 50 million unique visitors a month.

The deal was worth $970 million, and some analysts have said that the fast-growing industry could eventually be “bigger than Hollywood”.

Perth gamer caught in cyber crime raid

A PERTH man’s house has been raided by police after he allegedly tried to sell a prototype of Microsoft’s new Xbox gaming console on the internet.

The house of a person living in Perth was raided by the local police on grounds that he was trying to auction off the development kit of the upcoming next-generation gaming console in the Microsoft Xbox series on the online auctioning site eBay. The new Xbox console, codenamed Durango is due to be launched by Christmas this year. The person is a teenager, referred to as SuperDae whose real name is Dan ‘Dylan’ Henry, who had his house raided on February 19^th after the police furnished a search warrant and apprehended him as he attempted the sale of the prototype of the to be launched Durango console. Moreover, the Federal Bureau of Investigation was also involved in the raid and confiscation of items and is charging him with international corporate espionage.

Perth gamer caught in cyber crime

The raid was carried out a few months after the teenager discussed about the upcoming console on his Twitter account which happens to be quite popular and which he auctioned the development kit on eBay. A spokesperson for the West Australian police did mention that  ‘Technology Crime Investigation unit is currently conducting a multi-jurisdictional investigation into computer-related offences,’ and that ‘A search warrant was conducted Tuesday the 19th of February 2013 in relation to this investigation where items were seized.’ However the spokesperson did not make any comment on the involvement of FBI in the relevant raid. During the raid, items the police confiscated include computers, Blackberry, VISA cards, and banking records etc.

SuperDaE did tweet about the raid in his house tweeting ‘police raided me’ and said that ‘an FBI agent and 7-8 police in your house and also that , ‘I don’t even have bank cards to buy or pay for a lawyer or a phone,’.  He even published the police search warrant online and said that the mention of Microsoft, PayPal and eBay was funny. Microsoft, in the meanwhile has denied allegations that they were behind sponsoring the raid in any manner and they have nothing to do with all this, “Microsoft did not initiate this FBI investigation with this individual, as has been asserted in some of the articles in the media,” and that “We take security very seriously and have no evidence of any compromise of our corporate network. We have no further comment on this matter.”  However, the truth in this statement is disputed as is the involvement of the FBI.

All this controversy and hype surrounding the case has made people curious about this man and who he is actually. Well, SuperDae is an active and persistent video game hacker who has a record of infiltrating giant video game companies such as Epic, Blizzard and Sony and claimed to have obtained versions of games which were yet to be released. Moreover, he also claimed that he did not commit any hack for any personal gain or commercial profit but just as a curious hacker who wanted to expose security fallacies even thinking of himself as a cyber security consultant. Whether he is just a curious teenager caught in the act, or a cyber criminal will be clear only after further investigation.

Anonymous Threatens to Shutdown Facebook November 5

Anonymous has garnered limelight once again in the cyber world, after they threatened to shut down Facebook on the coming November 5. The notorious hacking group, famous the world over for their supposed acts of internet hacktivism, which is the practice of hacking websites of organisations or governments for political or social reasons. Anonymous, who have always pledged to fight injustice and corruption with their unique philosophy of anonymity to bring change in the system and society, which is the reason why they have garnered a lot of supporters online who believe in their methods and dogmas.
 

Anonymous Threatens to Shutdown Facebook

This time around also, Anonymous is using its influence to prevent injustice and has threatened Facebook not because of any personal prejudice. Actually, the story goes like this. A few days ago, the gaming giant Zynga decided to lay off five percent of its workforce in their new restructuring plan owing to the stiff competition and announced the closure of some of its branches. This decision was obviously not appreciated much by Anonymous and they threatened Zynga and Facebook with a cyber attack that will shut down both the sites. Zynga is the gaming company that developed games like Farmville, Cityville, and Words and friends for Facebook which are hugely popular with the masses. Moreover, the company was responsible for 14% of the revenue of Facebook for the first six months of 2012.  The group announced this threat in a YouTube video that the gaming company is on their hit list because of the outrageous treatment of their employees and their actions against many developers. The hacker group also criticized the company’s plan to reduce workforce while sitting on their billion dollars cash and threatened to release games that they claim their hackers have stolen for free along with some confidential documents and they promised that they will put their attack to rest if the company withdraws its restructuring plan. The reason Facebook Inc has been targeted is because it is the main platform for games developed by Zynga. Moreover, Anonymous has always voiced its dislike for the privacy and security loopholes in the site and believe that Facebook has become an invasive company who sells private information of its users to government agencies which can be another reason for targeting Facebook.

Well, this incident has become the talk of the town for millions of netizens and facebook users and the reactions to this announcement are highly polarized. While the supporters of Anonymous believe that it is a step in the right direction by the hacking group and those opposed to the idea of social networking are in their favour. However, a lot of people are sharply criticizing this action of Anonymous and claim that they need Facebook to promote themselves and cannot shut down the social networking giant with a cyber attack. Then there are those who have commented that this threat is not from the congregation Anonymous, but some isolated members and that all these threats are false and do not hold any truth. Well, the truth of this announcement will be revealed on the 5th November but it has generated a huge amount of buzz online.

Steam Browser Protocol Vulnerability

Steam Browser Protocol Vulnerability can allow hackers to hijack PC

Steam is an online platform developed by the Valve Corporation used for online distribution of games and multimedia which also supports communication to all types of distributors irrespective of the size of their enterprise. It can also be used to distribute non-gaming software as well which was introduced earlier this month. It was initially designed for Windows, but later on was developed with compatibility for Mac OS X, Linux, iOS, and PlayStation 3 as well. Users of steam have access to full installation and customization features, chat functionality and an application programming interface, Steamworks, which provides developers with the opportunity of adding features specific to Steam to their software. As of now, more than 50 million user accounts are active on Steam and more than 1500 games are accessible at present and it holds a major share of the game distribution arena.

Steam Browser Protocol Vulnerability can allow hackers to hijack PC

Upon installation, Steam uses its own URL handler for a better experience and the steam:// URL protocol is used to install or uninstall games, run them, connect to servers, and for backing up files and activation of purchases through commands. These commands can be used by hackers of cyber attackers to exploit vulnerabilities in the Steam games and Steam clients to deceiving them into opening maliciously altered steam:// URLs. This is even more serious as most browsers or applications can pass these URLs directly to clients without any notification and those browsers which do ask for user consents do not disclose complete information about the hazards that accompany the execution of these URLS. Most of the browsers do not display full details of the URLs and ask for permissions except Internet Explorer 9, Opera and Google Chrome which are able to display complete or partial URLs and heed warnings about possible damage resulting from their execution while Firefox does not display any warning despite asking for permission. Experts have shown that Mozilla browsers viz. SeaMonkey and Firefox are the perfect vectors for performing silent Stream Browser Protocol calls and Opera and Chrome have the ability to add spaces in order to hide the malicious part of the URL. Moreover, JavaScript codes can also be used in order to redirect users to the harmful URLs. In addition, browsers asking for user permission also come with options to change this routine and automatically execute URLs.

Many demonstrations have been made regarding the use of steam:// URLs to exploit vulnerabilities in Steam games and clients. For instance, the “retailinstall” command can be used to execute a malicious code using a deformed splash image file. Also .bat files are also used to help attackers gain control by automatically executing commands in Valve’s Source game engine using the steam://  URLs which executes the files in startup directory . Moreover, other gaming engines such as Unreal are also popular targets of attackers who use them to help load malicious files using rogue steam URLs. However, a user can protect their PC by disabling execution of steam:// URLs manually or by using a browser that is incapable of executing URLs on its own. However, since non-gaming software has also been made available on Steam, a user must be cautious as the risk becomes higher now.