Nov 21, 2014

Game Site Accounts Hacked: Action Required

A hacking group has obtained login credentials for PlayStation Network, 2K Game Studios, and Windows Live. The hackers, known as DerpTrolling, have released a subset of the data to confirm their claim, which LastPass has reviewed and determined the leaked credentials are valid. This group has also claimed responsibility for a DDoS (distributed denial-of-service) attack on Blizzard Entertainment in which they overloaded their servers and shut down the service to users over the weekend.

According to the hacker group, the motivation for the attack was to demonstrate to the gamer community the vulnerability of their information and to compel these large companies to further protect the information of their customers. The breadth of the leaked information could be vast. A member of the group claimed "We have 800,000 from 2K and 500,000 credit card data. In all of our raids we have a total of around 7 million usernames and passwords...We have around 2 million Comcast accounts, 620,000 Twitter accounts, 1.2 million credentials belonging to the CIA domain, 200,000 Windows Live accounts, 3 million Facebook, 1.7 million EA origins accounts, etc."

Action Required

LastPass has deactivated the exposed accounts who reused their LastPass master password with these services. Remember... if you’re reusing passwords, especially your LastPass master password, you’re inviting trouble. We recommend immediately changing the passwords for these affected sites and if you reuse passwords on more than one site, you should take action to change those duplicate passwords as well. Use the password generator in LastPass to create a strong, unique password for every account.

As always, we will stay vigilant and do what we can to protect our users and their information.

Be Secure,

The LastPass Team