WGTour today announced that they have had some problems with a hacker during the last few days and that some passwords actually might have been stolen.



WGTour has got a total of 187758 accounts registered on their website, including the same amount of passwords. Administrational members of the World Game Tour gave instructions to the members for them to see whether their accounts have been hacked or not. Here’s the direct quote:

“If while opening some page on a WGT (forums, users page etc...) you have been redirected somewhere else (like www.wgtour.com ) without reason, it means that you’ve been the victim of a cross site scripting attack, and a login/password to your account have been probably stolen.”



Passwords stolen - might work on other sites


Passwords are stored in databases using an encryption called MD5. A hacker might indeed do serious damage accessing those encrypted passwords, because entering the encryption of the password in a web-formula will work just like the password. This because the encryption in fact is the same password but written in what you could call “another language”. Battle.net, for instance, also uses encryption although the Battle.net login will not accept the encrypted versions of the passwords, meaning that you Battle.net accounts most likely will remain safe. Nevertheless, the encrypted versions still has a possibility to work at other community sites assuming the members use their passwords for multiple sites. We strongly suggest everyone to change their passwords and keep them unique for every site, login and account you got.

On the other hand, assuming the hackers did indeed get non-encrypted passwords, it means the longer you wait with changing your password the higher is the risk. This scenario is not very likely at all, although there is a possibility. WGTour did not give very specific facts as of yet and we will contact the programming team of WGTour to get more information if possible.

The amount of members this notification is including, whether the hackers managed to steal any non-encrypted passwords or if a serious hacking incident even took place is yet to be sorted out, but there certainly comes no bad thing with taking an extra safety procedure by changing your passwords!

Stay tuned for updates on the matter.

Links
WGTour.com