Gamigo hacked - accounts compromised/deactivated?


Ashnurazg
03-01-2012, 06:25 PM
Yesterday a hacker stole data from Gamigo's database and compromised their forums and sites. It seems that the data was released to the public via the hosting service called MediaFire.

It should contain user data with passwords in plain text. Now the Regnum launcher notifies me that "user not found". I already checked my password - it's correct. The client doesn't start, neither with the launcher nor directly.

Is there a chance to get my account back and play Regnum?

surak
03-01-2012, 06:32 PM
Yesterday a hacker stole data from Gamigo's database and compromised their forums and sites. It seems that the data was released to the public via the hosting service called MediaFire.

It should contain user data with passwords in plain text. Now the Regnum launcher notifies me that "user not found". I already checked my password - it's correct. The client doesn't start, neither with the launcher nor directly.

Is there a chance to get my account back and play Regnum?

All Gamigo passwords have been reset on our database. Changing it should allow you to enter the game again.

Moorhuhn21
03-01-2012, 06:38 PM
And how can we change our password? All gamigo sites aren't accessible...

Ashnurazg
03-01-2012, 06:40 PM
All Gamigo passwords have been reset on our database. Changing it should allow you to enter the game again.
How can I change my password? The gamigo Account System is still offline.
Can I use NGD's retrieve password form? :¬¬:

Seher
03-01-2012, 06:45 PM
All Gamigo passwords have been reset on our database. Changing it should allow you to enter the game again.

At least some professionalism. It's a good thing that was done so fast, since basically everyone can download the whole database. :facepalm2:

Moorhuhn21
03-01-2012, 06:55 PM
At login there appears: User/password not valid. The same if I want to login on http://www.regnumonlinegame.com/. So I sent a new password request and changed my password. Now I can log in to http://www.regnumonlinegame.com/ and have full access there. But if I try to log in to the game with my old Username and my new password still "User/password not valid" appears... And I don't see my character overview on http://www.regnumonlinegame.com/ so I think all is gone? :bangin:

Seher
03-01-2012, 06:57 PM
Nothing is gone, all of you should worry about other accounts of yours, though. If you use the same password over and over again, that is. I don't, and I for sure know why.

Moorhuhn21
03-01-2012, 07:04 PM
Nothing is gone, all of you should worry about other accounts of yours, though. If you use the same password over and over again, that is. I don't, and I for sure know why.

I don't get what you mean?
I have unique passwords for my logins.
Can you login with your gamigo account? With your old password? With a changed password? If changed, then here: http://www.regnumonlinegame.com/ or where else?

And if you were logged in to http://www.regnumonlinegame.com/ you could see a character overview with XP/gold etc for each character. I can login there and no character is shown there, so I suppose the data isn't existing anymore?

surak
03-01-2012, 07:18 PM
I don't get what you mean?
I have unique passwords for my logins.
Can you login with your gamigo account? With your old password? With a changed password? If changed, then here: http://www.regnumonlinegame.com/ or where else?

And if you were logged in to http://www.regnumonlinegame.com/ you could see a character overview with XP/gold etc for each character. I can login there and no character is shown there, so I suppose the data isn't existing anymore?

The data is there, the website character viewer was disabled some days ago due to database overload. No character data was lost. Don't worry.

Matogel
03-01-2012, 07:32 PM
Hi,
as I understood this, all passwords for gamigo accounts were reset.
So it should be possible to use the "forgot password" form on regnumonline.com.ar, to login with a gamigo account to RA, right?

What shall the ones do that forgot the email address which they used to register the account?

cheers

Moorhuhn21
03-01-2012, 07:36 PM
Hi,
as I understood this, all passwords for gamigo accounts were reset.
So it should be possible to use the "forgot password" form on regnumonline.com.ar, to login with a gamigo account to RA, right?


cheers

I cannot log in with a changed password. Still "user/password not valid".
Don't really know how http://www.regnumonlinegame.com/ is connected to gamigoAccountsystem (offline since yesterday) and which password is for logging to the game...

surak
03-01-2012, 07:36 PM
The account system is tied to Gamigo's. You should reset your passwords using their site, and not try to bypass them using our tools. We can't touch your Gamigo accounts due to contractual reasons.

I'm sorry but you'll probably have to wait until Gamigo fixes their system.

PT_DaAr_PT
03-01-2012, 08:05 PM
http://i.imgur.com/QmF8r.png
i am watching you :D you run out of date software and store users account passwords in MD5 and on some databases in plain text.

It doesn't really surprise me from Gamigo's part. They should really feel ashamed.

Lexi15
03-01-2012, 08:09 PM
Unfortunately, the fall of Fort nightly battles, because it gets baked gamigo not know, investigate this incident -.- I caught it on horus. :D

ieti
03-01-2012, 08:10 PM
MD5 hashes, if not salted, are very very easy to crack. Rainbow tables, GPU crackers do wonders.

isgandarli
03-01-2012, 08:11 PM
http://i.imgur.com/QmF8r.png


It doesn't really surprise me from Gamigo's part. They should really feel ashamed.

Not only Gamigo... :bounce:


P.S. /me loves this hax0r thread xD

Seher
03-01-2012, 08:13 PM
MD5 hashes, if not salted, are very very easy to crack. Rainbow tables, GPU crackers do wonders.

Better than nothing at all, though.

PT_DaAr_PT
03-01-2012, 08:16 PM
Better than nothing at all, though.

In this case, both. :facepalm2:

V1r14
03-01-2012, 08:36 PM
I hope that this incident isn't leading to a dangerous shrink in player-population and willing-to-pay Customers. Get well soon! :)


The account system is tied to Gamigo's. You should reset your passwords using their site, and not try to bypass them using our tools. We can't touch your Gamigo accounts due to contractual reasons.

I'm sorry but you'll probably have to wait until Gamigo fixes their system.

Actually I was a little bit impatient and may or may not have reset my PW using NGD's "reset PW request" :O
..At least I'm now able to visit the Forum. ;)

Lexi15
03-01-2012, 08:49 PM
Here is a forum where there is some information!


http://forum.gamigo.com/

isgandarli
03-01-2012, 09:06 PM
There was an attack on the gamigo database in which user information, such as alias usernames and encrypted passwords were stolen.


md5(md5($pass).$salt)


Encrypted.......

http://ginoraidy.files.wordpress.com/2012/01/tumblr_lx4or62fjn1qmyyan.png

Seher
03-01-2012, 09:19 PM
Forum passwords are clearly plain text. My password is in the list. :P

Phlue4
03-01-2012, 09:42 PM
Forum passwords are clearly plain text. My password is in the list. :P

I don't quite get it, what list are you talking of?

Seher
03-01-2012, 09:47 PM
The list that got published with all forum accounts and their passwords. No, I won't spread the link if you bother me via PM. :facepalm2: (Already received like 3)

TheMessenger
03-01-2012, 09:50 PM
I don't quite get it, what list are you talking of?

Gamigo claimed they encrypted all passwords. But they didn't because I and several people have seen the dump of users/passwords and they are definitely not encrypted...at all.

_Emin_
03-01-2012, 09:51 PM
https://de.gamigo.com/showlayer/resetpassword

It's not working for me.. it says '' you're not able to change your password at the moment''

Kitsuni
03-01-2012, 10:59 PM
NGD, if you value your customers stop whatever you are doing right now and do a double check that this won't happen to Horus or RA.

You still use account names for the forum which is a big no-no.

Require everyone to make a mandatory forum name change as soon as possible. vBulletin or not, everything gets hacked in time.
(And forums are the #1 hacked thing on the Internet, as any veteran website owner knows.)

And most importantly... stop relying on MD5s for a password scheme, they have been insecure for some years now. (http://en.wikipedia.org/wiki/MD5#Security), even when salted.

I feel for anyone who has invested money into Gamigo servers and hope that nothing bad will come of this.

Phlue4
03-01-2012, 11:22 PM
(...)because Gamigo is a bunch of incompetent banterers that seem not to care about Regnum Online anymore.
Besides that, they don't care about Regnum, don't keep a single promise of theirs...
German community needs a new publisher!

Ilakagina
03-02-2012, 12:04 AM
At least their account system seems to work again and you have to change the reset password following these instructions:

http://forum.gamigo.com/showthread.php?1-Wichtig-%C4ndert-eure-Passw%F6rter!&p=1#post1 (German)

http://forum.gamigo.com/showthread.php?2-Important-Change-your-passwords!&p=2#post2 (English)

However, their server is currently overloaded because all the players from their 20 or more games are trying to change their pw now, so it is normal to get timeouts - it took me around 5 tries over 2 hours to log into the account system, now it hangs at the password change procedure for Regnum.
I'll try tomorrow morning again :play_ball:

v0rt3x
03-02-2012, 09:47 AM
The version of the hacked Gamigo forum was:
Powered by vBulletin® Version 3.8.7

and this forum here is:
Powered by vBulletin® Version 3.8.2
So this version is older than the hacked Gamigo forum.

I hope, that this forum here is secure and not so easy to hack as the Gamigo forum was.

The new Gamigo forum is:
Powered by vBulletin® Version 4.1.10

Plz NGD, check this quickly!

isgandarli
03-02-2012, 10:17 AM
The version of the hacked Gamigo forum was:


and this forum here is:

So this version is older than the hacked Gamigo forum.

I hope, that this forum here is secure and not so easy to hack as the Gamigo forum was.

The new Gamigo forum is:


Plz NGD, check this quickly!

The key to the hack is not the version of the forum.

v0rt3x
03-02-2012, 10:39 AM
The key to the hack is not the version of the forum.
I know, but an older version of the same forum software can be hacked with the same key/algorithm, maybe?
(same security gaps)

isgandarli
03-02-2012, 11:01 AM
I know, but an older version of the same forum software can be hacked with the same key/algorithm, maybe?
(same security gaps)

Sure. But let's say, that this is one of the possible methods. NGD has serious issues too. Gamigo in this case was a little bit unlucky, as they've been defaced.

Ulmar
03-02-2012, 12:54 PM
Besides that, they don't care about Regnum, don't keep a single promise of theirs...
German and French communities need a new publisher!

Besides... Like the others, changed password, but still unable to log.

/me is waiting...

_Emin_
03-02-2012, 01:31 PM
Yup I'm screwed.. I remember the E-mail I created for my account, I changed it 1 year ago and now I can't remember. Hopefully Gamigo/Support is online soon.

Would be stupid if they wouldn't change.

Psynocide
03-02-2012, 01:42 PM
A ring, a ring o' roses,
A pocket full o’posies-
Atishoo, atishoo, we all fall down.

Pitiful stuff, unfortunate.

maximus-decimus
03-02-2012, 01:57 PM
Security gap in Gamigo's forum, known already in May 2011


http://2.bp.blogspot.com/-4Bi5EEhuaio/T1ABGEBF8rI/AAAAAAAABN0/4wktfUH-Cpw/s1600/gamigo1.jpg

Ilakagina
03-02-2012, 03:10 PM
Well, I changed the password in the gamigo account system like 6 hours ago (the system replied with a "game password changed successfully") and still can't login.

In the Spanish sections there are complaints about delays of up to 24 hours when changing the password using the NGD tools (with NGD accounts)

It happened to me: the password change took 24 hours to take effect, which I think is TERRIBLE, since something as critical as a password change should be automatic. At the very least, if they can't make it so, access to the game account should be disabled until the change takes effect.
Wait and it will change.
http://regnumonline.com.ar/forum/showthread.php?t=87200

If this is true I guess we all have to wait until tomorrow - Surak, could you tell us something about the procedure and how fast it is supposed to work?

Phlue4
03-02-2012, 04:13 PM
Well, I changed the password in the gamigo account system like 6 hours ago (the system replied with a "game password changed successfully") and still can't login.

In the Spanish sections there are complaints about delays of up to 24 hours when changing the password using the NGD tools (with NGD accounts)


http://regnumonline.com.ar/forum/showthread.php?t=87200

If this is true I guess we all have to wait until tomorrow - Surak, could you tell us something about the procedure and how fast it is supposed to work?

I changed my password yesterday about 11 pm, and was able to login at 2.30 pm today.

EMIN
03-02-2012, 04:25 PM
Anonymous did!! xD

_Emin_
03-02-2012, 04:36 PM
http://regnumonlinegame.com/index.php?l=1&sec=23

This worked for me, I changed my password and I'm able to login again.

Archonaut
03-02-2012, 04:38 PM
http://regnumonlinegame.com/index.php?l=1&sec=23

This worked for me, I changed my password and I'm able to login again.

Haha Quit Nemon man, join Horus.

Ilakagina
03-02-2012, 05:00 PM
http://regnumonlinegame.com/index.php?l=1&sec=23

This worked for me, I changed my password and I'm able to login again.

Thanks, I was not able to change the password because the NGD site where you can change it is in "maintenance" but I received the email with the autogenerated number password and can play using this .. for the moment ok ;)

_Emin_
03-02-2012, 05:28 PM
Thanks, I was not able to change the password because the NGD site where you can change it is in "maintenance" but I received the email with the autogenerated number password and can play using this .. for the moment ok ;)

Ok, try to login with your account on the NGD site (with your new password), go to the option "change my password" and change it to what you would like to have.

_Emin_
03-02-2012, 05:49 PM
@Archonaut: Never mate :p, maybe when I got bored and feel like to play on Horus again

Ashnurazg
03-02-2012, 06:17 PM
There are some vBulletin Version 3.8.2 exploits released to public. :¬¬:

I think the server admins from NGD should learn something from Gamigo's fail. First thing is secure configuration of apache, ssh, etc. and second to keep the software up to date.

PT_DaAr_PT
03-02-2012, 06:33 PM
With a new version of the forums would we finally be able to use customized avatars?

http://i.imgur.com/ShcFG.jpg

trollface.jpg

kmdk
03-02-2012, 07:22 PM
There are some vBulletin Version 3.8.2 exploits released to public. :¬¬:


Only if you use an untouched version of vBulletin are exploits available.
Any admin tweaks these kinds of forum/blog/database.

EMIN
03-03-2012, 08:08 AM
That's a lesson to Gamigo.... Now they will use better security

Darcyeti
03-03-2012, 01:03 PM
Optimism, sweet optimism :angel2:

Seher
03-03-2012, 03:17 PM
Only if you use an untouched version of vBulletin are exploits available.
Any admin tweaks these kinds of forum/blog/database.

I don't think Gamigo has heard of this thing called "admin". At our lovely GEMA they haven't, either.

http://img1.imagebanana.com/img/y9w4hc23/calvin.png

Pakos
03-08-2012, 07:53 AM
Hello everyone

Solidarity with the Nemon players

These people have also contributed financially to the development of this game. (ximes)
They are at a dead end.
For lack of an e-mail address.
They must provide Gamigo with: proof of identity...
A photocopy of their identity card, passport... to have the account restored to the player
The personal data has already been stolen from the database
Can users trust them?...

An exceptional situation... calls for exceptional measures to repair the fault.
Example: (images of their characters, connection address (IP)...)
Nothing that touches people's private lives.

Muhahaha ... They also asked for the account's creation date and the e-mail address of this lost account.

NGD, please come to their aid

dude wrong language ;o

Babylou
03-08-2012, 08:44 AM
Hello all
In solidarity with the players Nemon
These individuals also contributed financially to the development of this game (ximes)
They are in a deadlock.
They must provide to Gamigo: Evidence of their identity...
Photocopy of identity card or passport ... to restore their account
I remember that personal data were stolen from the database Gamigo.
Users can they be trusted?...
An exceptional situation does not require exceptional measures to repair the fault? (Example: photos of their character or IP connection address....)
Y was he not a way to prove things without going into the private lives of people?

Muhahaha...They also asked the date of registration of the account and the e-mail lost.

NGD Help them please


Sorry error ...Pakos for the wrong language.

My English is not good so I use a translator

Ilakagina
03-08-2012, 09:38 AM
Y was he not a way to prove things without going into the private lives of people?

At least according to the announcements Gamigo made in the German forums you have the choice between sending them account information (screenshots, items you possess, gold, wm coins, whatever) or sending your identity card.

That's the theory, in the practical usage the Gamigo support staff will always ask you for the ID - at this point you have to say "No, I will send you ingame information instead"; if they don't want to accept it tell them that their gamigo product manager offered this way in the forums. Going that way will slow down the process, no doubts about it.

The point is that they have to check the ingame data you provide them. When you send them the ID card they don't even look at it; there are several cases where they changed the accounts email (that means the same as changing the account owner) without checking the name of the sent ID card - yeah, they assigned wrong accounts ... that's Gamigo :eek24:


I remember that personal data were stolen from the database Gamigo.
Users can they be trusted?...

No, they can not be trusted.
Besides the already mentioned wrong assignation of accounts that brings a bit of light into the chaotic situation at Gamigo's help desk there were more incidents AFTER they have been hacked.

For example last Friday players were able to reset their GAS (gamigo account system) password, however players who tried to do the same the next day (Saturday) were unable to login. Gamigo could not solve the issue during 6 hours.
Then a player found the error, newly (on Saturday) registered players had to create an MD5 hash with their password and insert the MD5 hash into the password login field to connect to the system.

Nice, anybody who worked a bit with databases knows what this means. Old passwords were stored as plain text in the SQL database while passwords created on Saturday or later were stored using insecure MD5 encryption. An absolute no go!
They apparently have no clue what they are doing at Gamigo.
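
An added example, not part of the original post and not Gamigo's or NGD's code: a Python sketch of the login mismatch described above (typed text compared directly with a column that holds plaintext for old rows and an MD5 hex digest for new ones), next to a scheme-aware login that also handles the md5(md5($pass).$salt) form quoted earlier in the thread and re-stores each legacy row with a per-user salt and PBKDF2 on first successful login. The row layout, the scheme labels, the sample users and the iteration count are all assumptions.

```python
import hashlib
import hmac
import os

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

# Constructed sample rows (not taken from any leaked data), one per storage
# style mentioned in the thread. Scheme labels are hypothetical.
USERS = {
    "old_player": {"scheme": "plain", "secret": "hunter2"},
    "new_player": {"scheme": "md5", "secret": md5_hex("s3cret")},
    "forum_user": {"scheme": "vb", "salt": "a1B",
                   "secret": md5_hex(md5_hex("letmein") + "a1B")},
}

def naive_login(db, user, typed):
    """Mismatch described in the post: typed text is compared to the column as-is."""
    row = db.get(user)
    return row is not None and typed == row["secret"]

def pbkdf2_record(password, salt=None):
    """Per-user random salt and a slow KDF; the iteration count is an assumption."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return {"scheme": "pbkdf2", "salt": salt, "secret": digest}

def verify(row, typed):
    """Recompute the stored form for the row's scheme and compare in constant time."""
    scheme = row["scheme"]
    if scheme == "pbkdf2":
        derived = pbkdf2_record(typed, row["salt"])["secret"]
        return hmac.compare_digest(derived, row["secret"])
    if scheme == "plain":
        candidate = typed
    elif scheme == "md5":
        candidate = md5_hex(typed)
    elif scheme == "vb":
        candidate = md5_hex(md5_hex(typed) + row["salt"])  # md5(md5($pass).$salt)
    else:
        return False
    return hmac.compare_digest(candidate.encode(), row["secret"].encode())

def login_and_upgrade(db, user, typed):
    """Scheme-aware login that rewrites a legacy row as PBKDF2 on first success."""
    row = db.get(user)
    if row is None or not verify(row, typed):
        return False
    if row["scheme"] != "pbkdf2":
        db[user] = pbkdf2_record(typed)
    return True
```

With `naive_login`, the account stored as MD5 only opens when the digest itself is typed, which matches the workaround the player found; `login_and_upgrade` accepts the real password and leaves no plaintext or bare MD5 behind once each user has logged in.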

Cuchulainn
03-08-2012, 10:35 AM
...
No, they can not be trusted.
[...]

Gamigo cannot be trusted indeed. Gamigo is owned by Axel Springer AG, which is one of the largest multimedia companies in Europe. This doesn't help with their credibility IMHO.

Ilakagina
03-09-2012, 12:11 AM
Great, after a complete shutdown of all services for several hours during the morning Gamigo's system is offline again - second time just today. :tsk_tsk: