Stern Insider Connected hacked?

Big Phil

Just watched Kaneda's live chat from last night and he claims he has evidence that Stern Insider Connected has been hacked. Potential data breach.
 
If I were to pick a target then that would be a good one. Lots of high value targets and likely to have their guard down as they wouldn't expect a hack.

David
 
well if true I hope Stern come clean about it.

Although not sure I agree @DAFlippers what is there to get from it? and why would high value targets have their guard down?

oh no, someone has shared the fact that it took me twenty times to get the Godzilla super skill shot :D

Neil.
 
well if true I hope Stern come clean about it.

Although not sure I agree @DAFlippers what is there to get from it? and why would high value targets have their guard down?

oh no, someone has shared the fact that it took me twenty times to get the Godzilla super skill shot :D

Neil.

Not signed up for it, but is there not any personal information in there?

Full Name, DOB, address, personal info for password resets, etc.

Guessing if it has been hacked then people's passwords possibly compromised and bad actors rely on people being lazy and using the same password and security info for everything online.
 
It's not much of a surprise considering Stern's track record around infosec...

I never put my true info (e.g. DoB) in these services for exactly this reason. They don't need it anyway.
 
well if true I hope Stern come clean about it.

Although not sure I agree @DAFlippers what is there to get from it? and why would high value targets have their guard down?

oh no, someone has shared the fact that it took me twenty times to get the Godzilla super skill shot :D

Neil.

Insiders is for people that buy games and therefore will have high disposable income they are also buying 'toys for boys' and get excited about things - easier to catch people off guard when they are excited so easier to phish.

David
 
No, Insider is not for people who buy games. It's for people who play games and aimed at location play to start with (mostly because Stern can't make enough kits).

I doubt this is a big win in terms of data out in the wild but just shows why a pinball company might want to partner with someone who knows how to run online platforms - it's not easy.

Neil.
 
No, Insider is not for people who buy games. It's for people who play games and aimed at location play to start with (mostly because Stern can't make enough kits).

I doubt this is a big win in terms of data out in the wild but just shows why a pinball company might want to partner with someone who knows how to run online platforms - it's not easy.

Neil.

I am sure you know better than me...

David
 
well if true I hope Stern come clean about it.

Although not sure I agree @DAFlippers what is there to get from it? and why would high value targets have their guard down?

oh no, someone has shared the fact that it took me twenty times to get the Godzilla super skill shot :D

Neil.
I imagine it's more than just that. Personal details, credit card, network information etc.
 
So on the SIC website all that is displayed is my name and address and scores and list of games.

No credit card info is there and DOB appears to be only used to verify you aren't a "minor" (as minors are not permitted to register for certain types of website in the USA.)

Don't get me wrong the data breach is bad, but I don't think it's going to create any huge sting!

It's possible that Stern are grabbing info from the games like network information but every device in your home does that now anyway especially the one you are using to read this! I'm not seeing anything pretending to be a pinball machine in my honeypot :rofl:

Regards,
Neil.
 
hmm, I think Kaneda might have got the wrong end of the stick on this. I think someone has used a login/password combo that has been pwned somewhere else. And SIC not hacked.
 
I'd have thought passwords would be hashed (encrypted) as standard functionality in any customer database they use, and credit card data stored by a 3rd party payment provider rather than locally. I'd guess this is very low risk even if they have been hacked.
It's also hard to imagine anyone targeting Stern tbh, the volumes of data must be immaterial versus what's taken from big corporations - thousands for Stern v tens or hundreds of millions from big corporations. This data is just sold in bulk online by hackers anyway, and it wouldn't be more valuable because it came from a pinball company. The people actually exploiting customer data probably don't even know what a pinball machine is, never mind its value 😜
 
I'd have thought passwords would be hashed (encrypted) as standard functionality in any customer database they use
Hashing and encryption aren't the same. Also hashing can be broken by dictionary attacks which will reveal the weaker passwords.

Agree there is little value here. LinkedIn's database was hacked/leaked a few years back and that contained many orders of magnitude more info!
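The point made above about hashing and dictionary attacks, as an added example that is not part of the thread and not Stern's code: an operator auditing their own credential store can flag every account using a known-weak password with a single lookup table when hashes are unsalted and fast, while per-user salts plus a slow KDF give each account a different record. The user names, passwords, word list and the PBKDF2 work factor are constructed assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor for this example

def fast_hash(password: str) -> str:
    """Weak scheme: unsalted, single-round SHA-256."""
    return hashlib.sha256(password.encode()).hexdigest()

def slow_hash(password: str, salt: bytes = b""):
    """Stronger scheme: random per-user salt + deliberately slow KDF."""
    salt = salt or os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, key

def verify(password: str, salt: bytes, key: bytes) -> bool:
    """Recompute with the stored salt; compare in constant time."""
    return hmac.compare_digest(slow_hash(password, salt)[1], key)

def audit_unsalted(stored: dict, wordlist: list) -> dict:
    """Flag accounts whose unsalted hash equals a known-weak password's hash.
    One precomputed table covers every user, which is why weak passwords
    fall first when such a table leaks."""
    table = {fast_hash(word): word for word in wordlist}
    return {user: table[h] for user, h in stored.items() if h in table}

# Constructed sample data (not from any real system).
USERS = {"alice": "password123", "bob": "password123", "carol": "vR7!q-Tilt-92-xk"}
WEAK = ["123456", "password123", "qwerty"]

def demo():
    unsalted = {user: fast_hash(pw) for user, pw in USERS.items()}
    salted = {user: slow_hash(pw) for user, pw in USERS.items()}
    return audit_unsalted(unsalted, WEAK), unsalted, salted

if __name__ == "__main__":
    flagged, unsalted, salted = demo()
    print("flagged by one table lookup:", flagged)
    print("unsalted records identical:", unsalted["alice"] == unsalted["bob"])
    print("salted records identical:  ", salted["alice"] == salted["bob"])
```

Unlike encryption, neither scheme has a key that turns the stored value back into the password; verification only ever recomputes and compares.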
 
Hashing and encryption aren't the same. Also hashing can be broken by dictionary attacks which will reveal the weaker passwords.
Yeah, I know. I was just suggesting a 'close-enough' concept that everyone here would be familiar with👍
 
Hackers won’t be attacking Stern - they are looking for compromised hosts to re-use to attack other folks.
 