CrniFlash

How does a data leak like this even happen? Not an IT guy, so genuinely curious. Were they hacked or something?


Prominis

From a quick skim of the article and some of the others floating around on the internet, the researchers noted that most of the data is compiled from past breaches and there's a significant amount of duplicated data as well.


WhosDylan

This leak specifically you can think of as a compilation of data breaches spanning multiple years and countries. Someone or some group had a massive database storing breached credentials (and hopefully not PII), either used to conduct cyber attacks and/or to sell. Said database leaked to a “wider audience”; how or why, we currently do not know. How the data got on the database to begin with could be for 100s of different reasons. Phishing campaigns, Day-0 exploits, unpatched and vulnerable infrastructure, FW misconfigurations, PAM negligence, general negligence. Could be anything.


Bfortbattle

What does this mean for countries that made laws to force companies to come clean on data breaches?


Stevieflyineasy

Used to work in this field. Basically the company has the ability to secure things, but it costs a lot of money. So when you're balancing a checkbook, and it comes down to keeping the business running or securing your data, they will choose to keep the lights on. It's why I left the field, they don't give a shit if your data is stolen.


[deleted]

>According to the team, the consumer impact of the supermassive MOAB could be unprecedented. Since many people reuse usernames and passwords, malicious actors could embark on a tsunami of credential-stuffing attacks.
>
>“If users use the same passwords for their Netflix account as they do for their Gmail account, attackers can use this to pivot towards other, more sensitive accounts. Apart from that, users whose data has been included in supermassive MOAB may become victims of spear-phishing attacks or receive high levels of spam emails,” the researchers said.

tldr; change yo password foo


Fateburn

Given that KMS is under [nexon.com](https://nexon.com), and the fact that this "breach" is mostly just pre-existing data, it's possible that it's from the [2011 KMS leak](https://www.reuters.com/article/idUSTRE7AP09I/). If that's the case then it shouldn't really affect GMS that much, I guess.


Chainrush

Nexon dot com is the Korean Nexon website. Most likely it's referring to the 2011 incident. IIRC, players were compensated with one pet for their information leak.


iSouvenirs

Was the pet at least cute? I mean, vac pets weren’t a thing back then. I’m assuming it was a kino pet or something.


yeowlin

It should be noted that as of now, this seems to be a compilation of old leaks. "The supermassive MOAB does not appear to be made up of newly stolen data only and is most likely the largest compilation of multiple breaches (COMB)." Changing your passwords, using different passwords and using 2FA will help mitigate the aftereffects of future leaks.


throwasahwhe12

Nexon: damn that’s crazy let’s put another cap on reboot


Cyber_Aspirationist

I am also a cybersecurity professional. This is a collection of data already leaked. Nothing new.


[deleted]

[removed]


AlphabeticaI

Go to nexon.com right now. It has links to every region. You can even log in to the site with your Nexon account, so better change your passwords.


Puzzleheaded-Team115

Nexon is my favorite comedy


mario61752

Lmao, 2024 is a terrible year for Nexon huh


tecul1

who here remembers mts


idksomuch

700 atk stonetooth swords? Bad enough the stats were crazy. They eventually dropped down to like 5k nx per sword. Same with the 300 atk red cravens and those bows. It was wiiiiildd.


tecul1

o yea those, but brought it up here mostly bc the mts was a part of a massive login info leak


DramaLlamaBoogaloo

I was not part of the Nexon breach, but looks like my old-ass Tumblr was, and Coupon Mom. XD


RetroCoreGaming

We've known about this for years and honestly it was bad. Nexon had several incidents happen that shouldn't have happened.

1. 2008: Ecko hacks a GM. Windia gets decimated with tons of people banned. Admin posted his username and password in the marquee text notification. Hacker runs rampant for over an hour.
2. 2009: SQL injection attack steals user accounts from 2008 and onward. Many player accounts hacked and items stolen on every server.
3. 2011: Hacker steals account information of 13+ million users. Not known what happened to the data, what all was stolen, but possibly sold on the dark web for bitcoin.
4. 2018: Equifax had a massive data breach, possibly involving many accounts including Nexon.
5. 2023: Ninja Defender steals a massive amount of information containing user emails and other information. Not known if information from the 2009 and 2011 hacks still had relevancy.

If hackers did get email addresses, they could use them to see what accounts could be hacked and stolen from, and possibly get passwords reset, change email addresses, steal NX, etc.

For years, several of us who know IT kept trying to tell Nexon to encrypt the game data using 256-bit AES encryption both in data transmission, game files, and the server data. As always, the braindead population of the forums pounced, claiming encryption would slow down the game, create lag, and cause problems. We kept asking because we knew if a data breach did occur, any data under 256-bit AES encryption wouldn't be easily cracked and would possibly end up useless when stolen without the encryption keys.

Like everything else... Guess what happened...


dont_roast_me

Maplestory post on my front page. U know the drill