
Forum - View topic
How ANN Was Hacked



Note: this is the discussion thread for this article

Tempest
I Run this place.
ANN Publisher


Joined: 29 Dec 2001
Posts: 10430
Location: Do not message me for support.
PostPosted: Fri Aug 11, 2017 9:39 pm Reply with quote
SejinPK wrote:
I'm not very well-informed about these things, so this may sound like a dumb question, but what would a hacker gain by stealing domains, especially for a relatively small and obscure operation like ANN? It seems particularly odd to me since they didn't steal user information, though I guess that could be because they were headed off quickly enough by ANN's recovery efforts.


I'm pretty sure they did it for the lulz.
Back to top
View user's profile Send private message Send e-mail My Anime My Manga
Tempest
I Run this place.
ANN Publisher


Joined: 29 Dec 2001
Posts: 10430
Location: Do not message me for support.
PostPosted: Fri Aug 11, 2017 9:42 pm Reply with quote
luffypirate85 wrote:
Will you expose the hacker?


I don't know who it is, but they left a lot of breadcrumbs. It'll be up to the police to decide if this is even worth investigating, and if any of the breadcrumbs that we've turned over actually lead to someone.

-t
Back to top
View user's profile Send private message Send e-mail My Anime My Manga
TheAncientOne



Joined: 06 Oct 2010
Posts: 1875
Location: USA (mid-south)
PostPosted: Fri Aug 11, 2017 10:34 pm Reply with quote
Parse Error wrote:
farix wrote:
This is one of the things that annoy me with 2-factor authentication.

People always get angry with me for pointing this out, but 2FA is pointless anyway. A strong password is just as effective at discouraging or stopping the same kind of random or scripted attacks that it does, but neither one can prevent a targeted attack from succeeding. Regardless of method, there's always a procedure to keep the rightful owner from getting permanently locked out of their account, which can always be exploited by someone else.

Any security is only as effective as its weakest link. Too often that weak link ends up being some variation of "I've been locked out of my account, help me regain access".

This is a good time to remind people that if an important account of yours requires "secret questions", and you value security, don't give truthful answers to things like, "What is your mother's maiden name" or even "What is your favorite TV show", as the former type isn't difficult to find out, and answers to questions of the second type may have been mentioned by you online at some point.

In ANN's case, this entire sequence of events could have been short-circuited if the phone carrier had better security. While denying the hacker access the first 3 times was a good start, beginning with the second time that should have resulted in the carrier contacting the customer, and flagging the account to not allow any changes until that was accomplished.


I would also like to point out that there are better methods of 2FA than a text being sent to one's cell phone. Many will support a temporary authentication code that is generated based on the time and a one time secret, either provided by a hardware device or an app. As stated before, however, that can be undone if someone can still gain access to the account by answering two or three "secret questions", or in this case, have a code sent to a cell phone account that has been hijacked.

In short, it doesn't do much good to have a vault door for the entrance to your home if there is a large plain glass window around back.
Back to top
View user's profile Send private message
gorilla491



Joined: 23 Dec 2005
Posts: 64
PostPosted: Fri Aug 11, 2017 10:43 pm Reply with quote
Over the last 12 or so years I've been visiting this site, since beginning High School basically. I can't understand why ANN is repeatedly hacked every few years.

Is it disgruntled fans not liking opinions on topics?

I hope the CSR person didn't lose their job; at the very least they can now be at the forefront of explaining what not to do. Social Engineering is now realer than it was even 5 years ago.

Well, I hope it's a quick recovery. Anime needs all the backup it can get in today's world of competing streaming services and the plight of animators and voice actors making it in the world.
Back to top
View user's profile Send private message Send e-mail
curtisd88





PostPosted: Fri Aug 11, 2017 10:45 pm Reply with quote
So if I'm reading this right your phone carrier more or less gave the hacker access? So they basically GAVE him/her the power to do all of this? If that's the case then you should DEFINITELY sue your phone carrier for this. The hacker too if he's caught. This is not just some accident or mishap that can be overlooked. The money and time it will take to fix this is not cheap and simple. Hopefully ANN will get justice for this.
Back to top
Yuki_Kun45
Exempt from Grammar Rules


Joined: 26 May 2008
Posts: 725
Location: U.S.A.
PostPosted: Fri Aug 11, 2017 10:59 pm Reply with quote
gorilla491 wrote:
Over the last 12 or so years I've been visiting this site, since beginning High School basically. I can't understand why ANN is repeatedly hacked every few years.

Is it disgruntled fans not liking opinions on topics?

I hope the CSR person didn't lose their job; at the very least they can now be at the forefront of explaining what not to do. Social Engineering is now realer than it was even 5 years ago.

Well, I hope it's a quick recovery. Anime needs all the backup it can get in today's world of competing streaming services and the plight of animators and voice actors making it in the world.


If hijacking is the goal and if this particular hack was done by overseas perps in HK, perhaps they're just eyeing a domain with a lot of traffic? Maybe they hope to ransom or auction it off?

Of course, it's also possible that other attempts are people doing it for the lulz. Just speculation on my own part there.
Back to top
View user's profile Send private message Visit poster's website
Redbeard 101
Oscar the Grouch
Forums Superstar


Joined: 14 Aug 2006
Posts: 16941
PostPosted: Fri Aug 11, 2017 11:28 pm Reply with quote
Quote:
On ANN's side, we're moving all our domain registrations to more secure domain registrars. Once we get AnimeNewsNetwork.com back, it will go to an extremely secure (and expensive) registrar that will not make domain changes without offline confirmation.


So will this affect content or subscriber rates? Obviously ANN's financials are private and while everyone does a great job ANN is not a Fortune 500 company. So I would imagine this increase in cost for the registrar has to come from somewhere. Does that mean fewer reviews, columns, or more ads etc. to offset the cost? Will it hinder the encyclopedia upgrade or any other upgrades that might have been planned?

At the end of the day despite everything it's nice to know the servers are ok and things can be fixed. I imagine this was even more stressful given it's prime con season as well. On a personal note I would be switching phone carriers to say the least.
Back to top
View user's profile Send private message My Anime My Manga
Snomaster1
Subscriber



Joined: 31 Aug 2011
Posts: 2826
PostPosted: Fri Aug 11, 2017 11:54 pm Reply with quote
While I'm glad that you guys are slowly getting things back to normal, and I hope you guys get your regular spot back soon, I do have a question for you guys. How will this affect the subscription rates? Will they be raised or what?
Back to top
View user's profile Send private message
EmpyreanBlaze



Joined: 14 Jul 2017
Posts: 44
PostPosted: Sat Aug 12, 2017 2:30 am Reply with quote
Farix wrote:
Quote:
Cell phones aren't perfect 2-Factor security.

This is one of the things that annoy me with 2-factor authentication. Many websites require a cellphone for 2-factor authentication to work. However, I live in an area where cellphone coverage is extremely spotty if not non-existent once you go outside of town (I live 4 miles outside the nearest town). Thus, 2-factor authentication that requires a cellphone is completely useless to me.

Only if you get the codes via SMS instead of an authenticator app. The latter is more secure.

As for the hack itself, it wasn't anything special. Informative article nonetheless.
Back to top
View user's profile Send private message Visit poster's website
Kimiko_0



Joined: 31 Aug 2008
Posts: 1796
Location: Leiden, NL, EU
PostPosted: Sat Aug 12, 2017 4:13 am Reply with quote
In defense of the CSR, consider that they get called on by people who are in actual trouble because of bad luck or mistakes much more often than by hackers. Those people who were in trouble were probably very grateful when their CSR helped them recover a lost phone number in short time. Tightening security at that level will lead to customers complaining about CSR being too difficult or uncooperative more than customers praising the extra security.
I feel sorry for the CSR who might well get fired because of this case and was only doing their job of helping out a distressed customer.
Back to top
View user's profile Send private message My Anime My Manga
Sakagami Tomoyo



Joined: 06 Dec 2008
Posts: 940
Location: Melbourne, VIC, Australia
PostPosted: Sat Aug 12, 2017 4:42 am Reply with quote
Kimiko_0 wrote:
Tightening security at that level will lead to customers complaining about CSR being too difficult or uncooperative more than customers praising the extra security.

Just because people complain about inconveniences but don't praise security doesn't mean security should be a lower priority than convenience. I, for one, while not happy about some of the hoops I had to jump through to prove who I am to various organisations when buying a home, would still rather they be there than not, given some of the scams that were going on before those checks were made necessary.

Sure allowances need to be made for people who may have lost required documents, but that should not be a web chat operator just going "yeah, okay".
Back to top
View user's profile Send private message
Saphiro01



Joined: 14 Jun 2003
Posts: 71
Location: California
PostPosted: Sat Aug 12, 2017 8:04 am Reply with quote
I am happy ANN is back up and that everything is relatively back to normal. I have been a lurker on the site for as long as it has existed and I have loved updating what pages in the Encyclopedia I could. Thank you for everything you do and for all the fun. I hope this site continues to be a source for news and encyclopedic information about my favorite medium for many years to come. We do have future generations to inform after all.
Back to top
View user's profile Send private message AIM Address My Anime My Manga
SWAnimefan



Joined: 10 Oct 2014
Posts: 634
PostPosted: Sat Aug 12, 2017 8:15 am Reply with quote
QuarkboySam wrote:
It's inconvenient for consumers but it does make this kind of social engineering much more difficult than in the US... I suspect that eventually the government will step in and add in some more safeguards to this kind of thing.


No, they won't. This is a business decision, not something the government can do something about. It's the responsibility of these companies to learn the vulnerabilities of their systems and provide better security means. The only thing the government can do is provide aid through law enforcement in tracking down the hacker(s) and arrest them, providing they are within the nation or in a nation of a friendly state with a law enforcement treaty.

All I can say is these companies need to have more motivation in providing better means of security. Especially this one whose CSR dropped the ball. I don't know the contract if it waives responsibility in this situation, but if not, they should reimburse ANN for costs in restoring the status quo.

Tempest wrote:
luffypirate85 wrote:
Will you expose the hacker?


I don't know who it is, but they left a lot of breadcrumbs. It'll be up to the police to decide if this is even worth investigating, and if any of the breadcrumbs that we've turned over actually lead to someone.

-t


With respect, you should not have mentioned that. You just tipped them off.
Back to top
View user's profile Send private message
Gasero



Joined: 24 Jul 2009
Posts: 939
Location: USA
PostPosted: Sat Aug 12, 2017 8:23 am Reply with quote
Thank you for informing us about what happened.

It is always sad when someone decides to use their time to antagonize others. The only thing I can think of is that the hacker was motivated by petty grievances or domain name ransoming.

Sad
Back to top
View user's profile Send private message AIM Address
rpgmaniac



Joined: 20 Jun 2013
Posts: 16
PostPosted: Sat Aug 12, 2017 9:27 am Reply with quote
It's crazy to what lengths hackers go today to achieve their objective. I have visited this site for many, many years, probably over 10, and it was very sad what happened. I took notice instantly as I was trying to find info about an anime when this happened, and I was searching all over the place to find out why ANN was down for so many hours. In short, I missed you guys when you were down. At first, many years ago, before the site's update to show news, I was visiting just to get info about songs in anime. Now, all those years later, that's still my primary reason, but now I keep the site always open and refresh often in order to learn news about anime. Anyway, keep up the good work guys, and I hope that everything will go well from now on.
Back to top
View user's profile Send private message
All times are GMT - 5 Hours